urlscan.io logo urlscan.io
SecurityTrails logo

mellowmassage.bamboohr.com Open in urlscan Pro
2606:4700::6811:f670  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mellowmassage.bamboohr.com/
Effective URL: https://mellowmassage.bamboohr.com/login.php
Submission: On October 08 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 19 HTTP transactions. The main IP is 2606:4700::6811:f670, located in United States and belongs to CLOUDFLARENET, US. The main domain is mellowmassage.bamboohr.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2024. Valid for: 10 months.
This is the only time mellowmassage.bamboohr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 14 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:244... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 18.67.65.71 16509 (AMAZON-02)
19 5
Apex Domain
Subdomains		 Transfer
19 bamboohr.com
mellowmassage.bamboohr.com
resources.bamboohr.com — Cisco Umbrella Rank: 42066
images7.bamboohr.com — Cisco Umbrella Rank: 55101
staticfe.bamboohr.com — Cisco Umbrella Rank: 46453
4 MB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
2 KB
0 cloudflareinsights.com Failed
static.cloudflareinsights.com Failed
19 3
Domain Requested by
9 resources.bamboohr.com mellowmassage.bamboohr.com
5 mellowmassage.bamboohr.com 2 redirects resources.bamboohr.com
mellowmassage.bamboohr.com
4 staticfe.bamboohr.com resources.bamboohr.com
1 cdnjs.cloudflare.com mellowmassage.bamboohr.com
1 images7.bamboohr.com mellowmassage.bamboohr.com
0 static.cloudflareinsights.com Failed mellowmassage.bamboohr.com
19 6

This site contains links to these domains. Also see Links.

Domain
www.bamboohr.com
Subject Issuer Validity Valid
bamboohr.com
Cloudflare Inc ECC CA-3		 2024-03-03 -
2024-12-31		 10 months crt.sh
*.bamboohr.com
Amazon RSA 2048 M02		 2024-04-09 -
2025-05-07		 a year crt.sh
cdnjs.cloudflare.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mellowmassage.bamboohr.com/login.php
Frame ID: 51B2989E7F0CBDEEF077A40502FE87F5
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login – Mellow Massage

Page URL History Show full URLs

  1. https://mellowmassage.bamboohr.com/ HTTP 302
    https://mellowmassage.bamboohr.com/home/ HTTP 302
    https://mellowmassage.bamboohr.com/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

19
Requests

95 %
HTTPS

75 %
IPv6

3
Domains

6
Subdomains

5
IPs

1
Countries

4567 kB
Transfer

14888 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mellowmassage.bamboohr.com/ HTTP 302
    https://mellowmassage.bamboohr.com/home/ HTTP 302
    https://mellowmassage.bamboohr.com/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
mellowmassage.bamboohr.com/
Redirect Chain
  • https://mellowmassage.bamboohr.com/
  • https://mellowmassage.bamboohr.com/home/
  • https://mellowmassage.bamboohr.com/login.php
53 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f54e4da5d44b853ed90d5f58203d02671fa9b98ea936842b817af13ecd2e6561
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8cf5986e3a3d423d-EWR
content-encoding
gzip
content-security-policy
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
content-type
text/html; charset=UTF-8
date
Tue, 08 Oct 2024 10:54:53 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding Authorization,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8cf5986cf912423d-EWR
content-security-policy
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=rosGjNiP6a8t9uTGwhmccahVNDr6iaMvOkWYfpc7T1g-1728384893-1.0.1.1-868H9uTjvu2X1mmt.A.olGaBXv2YrFzJn_OvNnDckGHF.7hOEiWY4fZPMV.afDXD1Beazf2muBRSmTTjyGE0diog0n75c.VBK4Qgv51KDxsIPdR9ftsWKBKQ8Fdm7TKGlCQYudMaR9T_YIslXqv4VNv6H6GdEbl83cZzxj.1TMg; report-to cf-csp-endpoint
content-type
text/html; charset=UTF-8
date
Tue, 08 Oct 2024 10:54:53 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
/login.php
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=rosGjNiP6a8t9uTGwhmccahVNDr6iaMvOkWYfpc7T1g-1728384893-1.0.1.1-868H9uTjvu2X1mmt.A.olGaBXv2YrFzJn_OvNnDckGHF.7hOEiWY4fZPMV.afDXD1Beazf2muBRSmTTjyGE0diog0n75c.VBK4Qgv51KDxsIPdR9ftsWKBKQ8Fdm7TKGlCQYudMaR9T_YIslXqv4VNv6H6GdEbl83cZzxj.1TMg"}],"group":"cf-csp-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Authorization,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
global.aee455a7.dist.css
resources.bamboohr.com/css/ 		499 KB
106 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/css/global.aee455a7.dist.css
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d50ae1c4ffb41d8d16c91585bdd144d6d4310537b7728618447e757ea6a2fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
content-encoding
gzip
cf-cache-status
HIT
age
278726
x-content-type-options
nosniff
cf-ray
8cf598703bf6423d-EWR
expires
Wed, 08 Oct 2025 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/css
last-modified
Fri, 27 Sep 2024 21:38:50 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
global-jade.cee4fc5d.dist.css
resources.bamboohr.com/css/ 		232 KB
40 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/css/global-jade.cee4fc5d.dist.css
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2932ba5ed1630340be741ed22c211126bc5ba6227c3b5a71a87ebf1b3432384
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
content-encoding
gzip
cf-cache-status
HIT
age
262435
x-content-type-options
nosniff
cf-ray
8cf598704bf8423d-EWR
expires
Wed, 08 Oct 2025 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/css
last-modified
Thu, 03 Oct 2024 15:31:31 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
login.33e976ff.dist.css
resources.bamboohr.com/css/ 		78 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/css/login.33e976ff.dist.css
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84461f51bbf6104041daf7b99485074210b81a81fe5d9d7f7a88f4d7f0d645c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
content-encoding
gzip
cf-cache-status
HIT
age
315520
x-content-type-options
nosniff
cf-ray
8cf598704bfa423d-EWR
expires
Wed, 08 Oct 2025 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/css
last-modified
Fri, 04 Oct 2024 18:03:57 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
vendor.b6da0018.dist.js
resources.bamboohr.com/js/ 		10 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/js/vendor.b6da0018.dist.js
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe98bd34f7701935eee72e361c1d0a001ffd7167c129ff8eda870f310e6c42d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
age
45882
x-content-type-options
nosniff
cf-ray
8cf598704bfb423d-EWR
expires
Fri, 11 Oct 2024 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 21:49:11 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
common.c3b711c8.dist.js
resources.bamboohr.com/js/ 		1 MB
461 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/js/common.c3b711c8.dist.js
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a23a377660d30540fbedf828a7b52d2edf818f38db12d071886b8790de33666
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
age
2540
x-content-type-options
nosniff
cf-ray
8cf598704bfe423d-EWR
expires
Fri, 11 Oct 2024 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 22:34:33 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
head.f4d0fda2.dist.js
resources.bamboohr.com/js/ 		438 KB
156 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/js/head.f4d0fda2.dist.js
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35ae98410988cd7c1229b857324d76179bca0f9bb2d60d2d3875c6c76ce5717d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
content-encoding
gzip
cf-cache-status
HIT
age
1003605
x-content-type-options
nosniff
cf-ray
8cf598704bfc423d-EWR
expires
Wed, 08 Oct 2025 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/javascript
last-modified
Thu, 26 Sep 2024 19:19:25 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
cropped.jpg
images7.bamboohr.com/474096/logos/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images7.bamboohr.com/474096/logos/cropped.jpg?v=28
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:244d:e800:2:53a3:f700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0fbe66bed49c7a98dfec2ca2517cc73b417729617c23886bc3f7b53aa6471e3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

cache-control
max-age=2592000
x-amz-version-id
II036p6A1BTz.zwlCqehlCB9XOWaUOfP
etag
"8ab10f14828654b8ad6ac8d8ce1fe180"
via
1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
16816
x-amz-cf-id
vghLNsLJBCJtaBGQl9tOR5k45I1LqeSGxaXdTlsVfGSO1hqWzBp5hQ==
date
Tue, 08 Oct 2024 10:54:54 GMT
content-type
application/octet-stream
last-modified
Thu, 22 Sep 2022 20:16:21 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
x-amz-server-side-encryption
AES256
jstz.min.js
cdnjs.cloudflare.com/ajax/libs/jstimezonedetect/1.0.4/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jstimezonedetect/1.0.4/jstz.min.js
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
538f30288aa121eb73b8f5408eaf086bd42ae067460dc99bb859f4a18950bae0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ece-14dc"
age
932042
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmIJkBq0ngJgJsmSrIJBEJ46UwIBtULFb2ZfgD1CxWG1GGoq9%2Ff3rbps%2FTHOegLwuhZUTcOTgtOxVY8UFJNzZMQCrb5vUlWJzsLXVGyP7rR1J1f%2Br8M%2BzmJQC5Y%2BFO4rGUHQVqtu8F3Wz%2Fr9JuETLalF"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 28 Sep 2025 10:54:53 GMT
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:58 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8cf598700f1078dc-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
1595
server
cloudflare
login.33e976ff.dist.js
resources.bamboohr.com/js/ 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/js/login.33e976ff.dist.js
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3afdbff739d3754cb7185493aeb5206b9d7428142b078ea02fb2d1ec8d3b8d83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
content-encoding
gzip
cf-cache-status
HIT
age
574722
x-content-type-options
nosniff
cf-ray
8cf59870dc69423d-EWR
expires
Wed, 08 Oct 2025 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/javascript
last-modified
Tue, 01 Oct 2024 17:59:49 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
print.css
resources.bamboohr.com/24.1007.162400-9326226/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/24.1007.162400-9326226/css/print.css?cb=788696a3
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2c28bb0e5fd965c2dfd2b46f0fe08a9fb5ea7d3669ddcff4fa4098f50945b6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
age
42582
x-content-type-options
nosniff
cf-ray
8cf59872cdf6423d-EWR
expires
Fri, 11 Oct 2024 10:54:53 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:53 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 22:23:57 GMT
vary
Accept-Encoding, User-Agent
server
cloudflare
i18n.php
mellowmassage.bamboohr.com/js/locale/ 		739 KB
148 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mellowmassage.bamboohr.com/js/locale/i18n.php?lang=en-US&ns=translation+moment
Requested by
Host: resources.bamboohr.com
URL: https://resources.bamboohr.com/js/vendor.b6da0018.dist.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20699c861adb219153da4c73398ad39ac7147a212107064acaaafa9ff57ac766
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/login.php
X-Requested-With
XMLHttpRequest

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
cache-control
public,max-age=300,must-revalidate
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"19d14670130056a1cab6d16331aaa143"
x-content-type-options
nosniff
cf-ray
8cf59876087f423d-EWR
date
Tue, 08 Oct 2024 10:54:54 GMT
content-type
application/json
vary
Authorization,User-Agent
server
cloudflare
sprite_7128ba14.svg
staticfe.bamboohr.com/assets/icons/ 		1007 KB
329 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://staticfe.bamboohr.com/assets/icons/sprite_7128ba14.svg
Requested by
Host: resources.bamboohr.com
URL: https://resources.bamboohr.com/js/vendor.b6da0018.dist.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-71.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8de1de30be1b3fbee61154d5584754b39f3a822f595abf68164766bc0d71570

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://mellowmassage.bamboohr.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
content-encoding
br
etag
W/"7128ba148ac26dce5102ee96fee21280"
x-amz-version-id
aAc7iXKUoEeIlPtnp0HJHiOvOg1YRiSw
access-control-allow-methods
PUT, POST, GET, HEAD
x-cache
Miss from cloudfront
x-amz-cf-id
Kq7Kx6g9SX_SOTaHeVBtfQufQGlygi4fD0zoVIYrI2BA88F-p0uTfQ==
date
Tue, 08 Oct 2024 10:54:56 GMT
content-type
image/svg+xml
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified
Thu, 06 Jun 2024 14:36:43 GMT
x-amz-replication-status
COMPLETED
via
1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
IAD89-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
Lato-Semibold.woff2
staticfe.bamboohr.com/resources/fonts/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://staticfe.bamboohr.com/resources/fonts/Lato-Semibold.woff2
Requested by
Host: resources.bamboohr.com
URL: https://resources.bamboohr.com/css/global-jade.cee4fc5d.dist.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-71.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9aa097c08a7ec2f1ab6ee35e48f8fce68d0abd7dc05a91d73920ea5838cba464

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mellowmassage.bamboohr.com
Referer
https://resources.bamboohr.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
etag
"d7b1982fb24eee607db99951b3dc7d5a"
x-amz-version-id
Xl7jZubWZsQTPKsL4CQY66ZZmrNyWLn_
access-control-allow-methods
PUT, POST, GET, HEAD
x-cache
Miss from cloudfront
x-amz-cf-id
hXQg3WL9Y9RzHcJ7NzTxPytiv_STw6VrT1QfnH2-n8V_qE-Ap-ZR2w==
date
Tue, 08 Oct 2024 10:54:56 GMT
content-type
font/woff2
vary
Origin
last-modified
Mon, 20 Nov 2023 23:35:19 GMT
x-amz-replication-status
COMPLETED
via
1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
27852
x-amz-cf-pop
IAD89-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
Lato-Regular.woff2
staticfe.bamboohr.com/resources/fonts/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://staticfe.bamboohr.com/resources/fonts/Lato-Regular.woff2
Requested by
Host: resources.bamboohr.com
URL: https://resources.bamboohr.com/css/global-jade.cee4fc5d.dist.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-71.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3454cd4b63c4ebea45cf074e8a8131f9f1e1b9edf471370cb2b918c857c721a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mellowmassage.bamboohr.com
Referer
https://resources.bamboohr.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
etag
"283e6e5e913f19a18d6440c0d1ff7a5e"
x-amz-version-id
xwRrHRKRvOsm5OfpcCvCVxkRSwWDiGiq
access-control-allow-methods
PUT, POST, GET, HEAD
x-cache
Miss from cloudfront
x-amz-cf-id
glvE-JwWsUb-VF5FEjNo7BOEJqAuNt_ERaMh1PG-NpF5ZZW4sk8FfA==
date
Tue, 08 Oct 2024 10:54:56 GMT
content-type
font/woff2
vary
Origin
last-modified
Mon, 20 Nov 2023 23:35:19 GMT
x-amz-replication-status
COMPLETED
via
1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
27968
x-amz-cf-pop
IAD89-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
Lato-Heavy.woff2
staticfe.bamboohr.com/resources/fonts/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://staticfe.bamboohr.com/resources/fonts/Lato-Heavy.woff2
Requested by
Host: resources.bamboohr.com
URL: https://resources.bamboohr.com/css/global-jade.cee4fc5d.dist.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-71.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4ffe8f087515c5af83a5ec69467f6805a6abf433f64c0f6ea6d8e2eeb853adf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mellowmassage.bamboohr.com
Referer
https://resources.bamboohr.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
etag
"791b93c8d31fb7d00186519228412081"
x-amz-version-id
PujqqjFdRPKPxaDp3YhiyFtV_sBkug2O
access-control-allow-methods
PUT, POST, GET, HEAD
x-cache
Miss from cloudfront
x-amz-cf-id
b3peixiv0FGnwCW-kfsSTd1YdeM7BW1wh6FPSLV6p-Uy1phuvFbm6Q==
date
Tue, 08 Oct 2024 10:54:56 GMT
content-type
font/woff2
vary
Origin
last-modified
Mon, 20 Nov 2023 23:35:19 GMT
x-amz-replication-status
COMPLETED
via
1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
28412
x-amz-cf-pop
IAD89-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
parse_csp_report.php
mellowmassage.bamboohr.com/ajax/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://mellowmassage.bamboohr.com/ajax/parse_csp_report.php
Requested by
Host: mellowmassage.bamboohr.com
URL: https://mellowmassage.bamboohr.com/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://mellowmassage.bamboohr.com/login.php

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
cf-ray
8cf5987c4f36423d-EWR
date
Tue, 08 Oct 2024 10:54:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding, Authorization,User-Agent
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		0
0
truncated
/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/plain
favicon.ico
resources.bamboohr.com/24.1007.162400-9326226/images/ 		5 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://resources.bamboohr.com/24.1007.162400-9326226/images/favicon.ico?cb=e417804e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f670 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53d0eab083065df51ffe6e234a43fbe5e7270a6198ff7cd8663723be620b3c03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mellowmassage.bamboohr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800
content-encoding
gzip
cf-cache-status
HIT
age
42587
x-content-type-options
nosniff
cf-ray
8cf5987d7864423d-EWR
expires
Tue, 15 Oct 2024 10:54:55 GMT
access-control-allow-origin
*
date
Tue, 08 Oct 2024 10:54:55 GMT
content-type
image/x-icon
last-modified
Mon, 07 Oct 2024 22:23:57 GMT
vary
User-Agent, Accept-Encoding
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.cloudflareinsights.com
URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunk object| BambooHR string| GLOBAL_DATEPICKER_MASK function| clearImmediate function| setImmediate object| DD_RUM function| Res function| res function| $ function| jQuery function| DP_jQuery_1728384894224 function| _ function| moment function| sprintf object| React object| ReactDom number| 2f1acc6c3a606b082e5eef5e54414ffb object| DD_LOGS function| getStylesFromString function| mergeStyleStrings function| IMask function| setMessage function| closeMessage object| jQuery05412919043181408 function| attachCSRFTokens function| attachCSRFInput function| microTemplate object| jstz object| loginErrors object| bambooAlert

2 Cookies

Domain/Path Name / Value
.bamboohr.com/ Name: _cfuvid
Value: vLnX1sgAMXXiakmJTqyImUMnZgeaM6xMapnJlTfN7Qo-1728384892944-0.0.1.1-604800000
mellowmassage.bamboohr.com/ Name: PHPSESSID
Value: %2Cg%2CcvfC7d5gEngTKT74-ynqzmzkXlIdB

1 Console Messages

Source Level URL
Text
security error URL: https://mellowmassage.bamboohr.com/login.php
Message:
Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015' because it violates the following Content Security Policy directive: "script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net d24d2g0g8l15q8.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://app.bamboohr.co.uk https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://example.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://portal-2.flatfile.io https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net d24d2g0g8l15q8.cloudfront.net dwc7c3b4xwlvf.cloudfront.net d3lfqt3qfgn8k7.cloudfront.net d1h5lrfdup83bf.cloudfront.net d2z5bglz9ff013.cloudfront.net d6rj0pc050pw5.cloudfront.net df8ckbxqap8g7.cloudfront.net dbmdctpg7vrzn.cloudfront.net d28wuos6rv4976.cloudfront.net d1r9mt3fn8flr0.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com https://ajax.googleapis.com http://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://cdn.merge.dev https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://portal-2.flatfile.io https://*.typeform.com https://app.cronofy.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: ; report-uri /ajax/parse_csp_report.php ; worker-src 'self' data: blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
images7.bamboohr.com
mellowmassage.bamboohr.com
resources.bamboohr.com
static.cloudflareinsights.com
staticfe.bamboohr.com
static.cloudflareinsights.com
18.67.65.71
2600:9000:244d:e800:2:53a3:f700:93a1
2606:4700::6811:190e
2606:4700::6811:f670
0fbe66bed49c7a98dfec2ca2517cc73b417729617c23886bc3f7b53aa6471e3a
20699c861adb219153da4c73398ad39ac7147a212107064acaaafa9ff57ac766
3454cd4b63c4ebea45cf074e8a8131f9f1e1b9edf471370cb2b918c857c721a4
35ae98410988cd7c1229b857324d76179bca0f9bb2d60d2d3875c6c76ce5717d
3a23a377660d30540fbedf828a7b52d2edf818f38db12d071886b8790de33666
3afdbff739d3754cb7185493aeb5206b9d7428142b078ea02fb2d1ec8d3b8d83
538f30288aa121eb73b8f5408eaf086bd42ae067460dc99bb859f4a18950bae0
53d0eab083065df51ffe6e234a43fbe5e7270a6198ff7cd8663723be620b3c03
84461f51bbf6104041daf7b99485074210b81a81fe5d9d7f7a88f4d7f0d645c6
9aa097c08a7ec2f1ab6ee35e48f8fce68d0abd7dc05a91d73920ea5838cba464
a2932ba5ed1630340be741ed22c211126bc5ba6227c3b5a71a87ebf1b3432384
b4ffe8f087515c5af83a5ec69467f6805a6abf433f64c0f6ea6d8e2eeb853adf
d8de1de30be1b3fbee61154d5584754b39f3a822f595abf68164766bc0d71570
e2c28bb0e5fd965c2dfd2b46f0fe08a9fb5ea7d3669ddcff4fa4098f50945b6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1d50ae1c4ffb41d8d16c91585bdd144d6d4310537b7728618447e757ea6a2fb
f54e4da5d44b853ed90d5f58203d02671fa9b98ea936842b817af13ecd2e6561
fe98bd34f7701935eee72e361c1d0a001ffd7167c129ff8eda870f310e6c42d1