urlscan.io logo urlscan.io
SecurityTrails logo

app.staging.creditglory.com Open in urlscan Pro
159.89.91.183  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://staging.creditglory.com/
Effective URL: https://app.staging.creditglory.com/admins/sign_in
Submission: On July 24 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 159.89.91.183, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is app.staging.creditglory.com.
TLS certificate: Issued by R10 on July 23rd 2024. Valid for: 3 months.
This is the only time app.staging.creditglory.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 159.89.91.183 14061 (DIGITALOC...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
14 4
Apex Domain
Subdomains		 Transfer
10 creditglory.com
staging.creditglory.com
app.staging.creditglory.com
478 KB
1 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 567
93 KB
1 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1950
10 KB
0 sentry.io Failed
sentry.io Failed
14 4
Domain Requested by
9 app.staging.creditglory.com app.staging.creditglory.com
1 maps.googleapis.com app.staging.creditglory.com
maps.googleapis.com
1 use.fontawesome.com app.staging.creditglory.com
1 staging.creditglory.com 1 redirects
0 sentry.io Failed maps.googleapis.com
app.staging.creditglory.com
14 5

This site contains no links.

Subject Issuer Validity Valid
app.staging.creditglory.com
R10		 2024-07-23 -
2024-10-21		 3 months crt.sh
use.fontawesome.com
Cloudflare Inc ECC CA-3		 2023-10-12 -
2024-10-10		 a year crt.sh
upload.video.google.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://app.staging.creditglory.com/admins/sign_in
Frame ID: EE1FBC08EC73AADD6B3E2AAD474BA5AD
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Credit Glory

Page URL History Show full URLs

  1. https://staging.creditglory.com/ HTTP 302
    https://app.staging.creditglory.com/admins/sign_in Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

14
Requests

79 %
HTTPS

67 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

579 kB
Transfer

2114 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://staging.creditglory.com/ HTTP 302
    https://app.staging.creditglory.com/admins/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request sign_in
app.staging.creditglory.com/admins/
Redirect Chain
  • https://staging.creditglory.com/
  • https://app.staging.creditglory.com/admins/sign_in
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
12f935151729e99fcd1252ee110de9dfe3432677fc58270d07ab97bca33496a0
Security Headers
Name Value
Content-Security-Policy default-src *; child-src 'self' https://creditglory.s3.amazonaws.com https://creditglory-test.s3.amazonaws.com https://creditglory-development.s3.amazonaws.com https://creditglory-staging.s3.amazonaws.com https://*.creditglory.com https://www.smartcredit.com https://player.vimeo.com; connect-src 'self' https://*.authorize.net api.zippopotam.us https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://gtm.creditglory.com player.vimeo.com; font-src * data: 'unsafe-inline'; frame-ancestors 'self' https://flex.twilio.com https://crm.creditglory.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com player.vimeo.com https: data:; style-src * 'unsafe-inline'; report-uri https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8
Strict-Transport-Security max-age=631138519 max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM flex.twilio.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-security-policy
default-src *; child-src 'self' https://creditglory.s3.amazonaws.com https://creditglory-test.s3.amazonaws.com https://creditglory-development.s3.amazonaws.com https://creditglory-staging.s3.amazonaws.com https://*.creditglory.com https://www.smartcredit.com https://player.vimeo.com; connect-src 'self' https://*.authorize.net api.zippopotam.us https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://gtm.creditglory.com player.vimeo.com; font-src * data: 'unsafe-inline'; frame-ancestors 'self' https://flex.twilio.com https://crm.creditglory.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com player.vimeo.com https: data:; style-src * 'unsafe-inline'; report-uri https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8
content-type
text/html; charset=utf-8
date
Wed, 24 Jul 2024 13:07:21 GMT
etag
W/"12f935151729e99fcd1252ee110de9df"
server
nginx/1.18.0 (Ubuntu)
strict-transport-security
max-age=631138519 max-age=15768000
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
ALLOW-FROM flex.twilio.com
x-permitted-cross-domain-policies
none
x-request-id
120e098b-700e-4cef-bb3a-2bb148eaecf9
x-runtime
0.199117
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
content-security-policy
default-src *; child-src 'self' https://creditglory.s3.amazonaws.com https://creditglory-test.s3.amazonaws.com https://creditglory-development.s3.amazonaws.com https://creditglory-staging.s3.amazonaws.com https://*.creditglory.com https://www.smartcredit.com https://player.vimeo.com; connect-src 'self' https://*.authorize.net api.zippopotam.us https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://gtm.creditglory.com player.vimeo.com; font-src * data: 'unsafe-inline'; frame-ancestors 'self' https://flex.twilio.com https://crm.creditglory.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com player.vimeo.com https: data:; style-src * 'unsafe-inline'; report-uri https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8
content-type
text/html; charset=utf-8
date
Wed, 24 Jul 2024 13:07:21 GMT
location
https://app.staging.creditglory.com/admins/sign_in
server
nginx/1.18.0 (Ubuntu)
strict-transport-security
max-age=631138519 max-age=15768000
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
ALLOW-FROM flex.twilio.com
x-permitted-cross-domain-policies
none
x-request-id
9e08b2d7-175a-4251-963c-1a8614f1b3be
x-runtime
0.006389
x-xss-protection
1; mode=block
runtime-b2a8cec4eecb02825364.js
app.staging.creditglory.com/packs/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/packs/js/runtime-b2a8cec4eecb02825364.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4646ec4c5c8b55dff422634b538ea29f55c1235403bb235dcb1a5e2dda1b4612
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:21 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Mon, 04 Dec 2023 11:36:52 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"656db9d4-363"
content-type
application/javascript
cache-control
max-age=315360000
content-length
867
expires
Thu, 31 Dec 2037 23:55:55 GMT
368-1bf77a2b1aa74dca26e8.js
app.staging.creditglory.com/packs/js/ 		155 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/packs/js/368-1bf77a2b1aa74dca26e8.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
70e9458d1d96d106f58a3a5a0895ceb6da36d8a36ae641c539b8518ae027abdd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:21 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Mon, 04 Dec 2023 11:36:52 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"656db9d4-a1fb"
content-type
application/javascript
cache-control
max-age=315360000
content-length
41467
expires
Thu, 31 Dec 2037 23:55:55 GMT
142-ec5523716385cd018d82.js
app.staging.creditglory.com/packs/js/ 		240 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/packs/js/142-ec5523716385cd018d82.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7d9fafd9c258486db444243060559ea75ccadcd3fa737505d22311eb4289f682
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:22 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Mon, 04 Dec 2023 11:36:52 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"656db9d4-dc96"
content-type
application/javascript
cache-control
max-age=315360000
content-length
56470
expires
Thu, 31 Dec 2037 23:55:55 GMT
504-a9aaf1decd698a386447.js
app.staging.creditglory.com/packs/js/ 		26 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/packs/js/504-a9aaf1decd698a386447.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4a522f32a576e8b7370c9dd9c71d3bb7ee63ba9b96350798c5204978ab065b77
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:22 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Mon, 04 Dec 2023 11:36:52 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"656db9d4-e21"
content-type
application/javascript
cache-control
max-age=315360000
content-length
3617
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-e3f7c3a6dac9926f979b.js
app.staging.creditglory.com/packs/js/ 		239 B
419 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/packs/js/application-e3f7c3a6dac9926f979b.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
6ec234caa5e380462dcedf4b230d7928d1d0cb036fee569799b7770b2fc9c8eb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:22 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Mon, 04 Dec 2023 11:36:52 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"656db9d4-bd"
content-type
application/javascript
cache-control
max-age=315360000
content-length
189
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-91f70302a2e9829e1957a2e10f4865e72e13651c9fbcbc0ac5a97a7bbbdd88de.js
app.staging.creditglory.com/assets/ 		1 MB
316 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/assets/application-91f70302a2e9829e1957a2e10f4865e72e13651c9fbcbc0ac5a97a7bbbdd88de.js
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1d8ae2f61f56e4deccc055d077a2688fa7f6fe8c9c86310e27073801bd08c532
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:21 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Wed, 02 Aug 2023 12:32:37 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"64ca4ce5-4ef64"
content-type
application/javascript
cache-control
max-age=315360000
content-length
323428
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-4ab941405f94f67bdb25bf13903c266b03aa4b00d1531a3c0abf640457ab8a6c.css
app.staging.creditglory.com/assets/ 		289 KB
53 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/assets/application-4ab941405f94f67bdb25bf13903c266b03aa4b00d1531a3c0abf640457ab8a6c.css
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ab67d21eef488d1cfb5f62ef9fab7d6d948e2de00aad7929679c30d274f20d5c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:21 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000
last-modified
Thu, 29 Dec 2022 14:57:25 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"63adaad5-d173"
content-type
text/css
cache-control
max-age=315360000
content-length
53619
expires
Thu, 31 Dec 2037 23:55:55 GMT
all.css
use.fontawesome.com/releases/v5.1.0/css/ 		45 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.1.0/css/all.css
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550

Request headers

Referer
https://app.staging.creditglory.com/
Origin
https://app.staging.creditglory.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:22 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 22 Sep 2023 01:44:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"826c57385f3d35cfed5478ba7b1f5c03"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=olISnvzhYtj7tbI1LtYri0bqUdodDSRCJmTWnvkU9Vl%2FT0GmW5BGEh1mNlUQTWjM1WrearJry4NDj8PvJdCwUNYAlEvECcu3s4b3Y0xf6GAhgg2uIIKIQIjvd9PSkWjvItZ%2BUdoWDC%2BDjczm2om%2BXOnc"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
8a8421fd5e1b9189-FRA
alt-svc
h3=":443"; ma=86400
js
maps.googleapis.com/maps/api/ 		279 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyAnNLB6MDHG8M72EVPomPLc4WKb9J-oWCQ&libraries=places
Requested by
Host: app.staging.creditglory.com
URL: https://app.staging.creditglory.com/admins/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
5dbb9502c31eb2509c7f0da3e417094f763a730804e22973261f2e06ab106545
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.staging.creditglory.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94642
x-xss-protection
0
/
sentry.io/api/5219874/security/ 		0
0
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		0
0
/
sentry.io/api/5219874/security/ 		0
0
normal_lzey92v913xko355ciavztjkvdgi7lwq-041d764def3a12998fd09904df4ca9b7d5bf23996c3395293af7385cf4149a3a.jpg
app.staging.creditglory.com/assets/lander/ 		2 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.staging.creditglory.com/assets/lander/normal_lzey92v913xko355ciavztjkvdgi7lwq-041d764def3a12998fd09904df4ca9b7d5bf23996c3395293af7385cf4149a3a.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.91.183 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
84c1d36faa6ba57677b30cc19c527cc6269825924eed7dacafbb58be7fab195b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.staging.creditglory.com/admins/sign_in
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 13:07:22 GMT
strict-transport-security
max-age=15768000
last-modified
Tue, 06 Apr 2021 09:26:29 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"606c2945-964"
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
2404
expires
Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sentry.io
URL
https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8
Domain
maps.googleapis.com
URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Domain
sentry.io
URL
https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| dean_addEvent function| removeEvent function| handleEvent function| fixEvent function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| __guard__ function| __guardMethod__ function| filterTable function| displayAccountHistoryEntryModal function| lockUnlock function| toggleDisputeItemSelection function| setLetterTemplate function| toggleGlobalDisputeItemSelection function| generateDisputeLetter function| autoSelectPlan function| processDisputeLetterTemplateAutomation function| disputeItemAutomationOn function| disputeItemSelect2AutomationOff function| disputeItemAutomationOff function| disputeDocsAutomationBadgeOff function| autoConnectDocumentToDispute function| preselectedActivePlanSetupId function| debounce function| updateSmsOptIn function| navigateToCreditReportLink function| stopPropagation number| _timer function| forEach function| _createClass function| Emitter function| Dropzone function| without function| camelize function| detectVerticalSquash function| drawImageIOSFix function| ExifRestore function| contentLoaded function| setUpMithrilCSRF object| Signup function| $ function| jQuery object| Intercooler function| Popper object| bootstrap function| moment function| Pikaday function| daterangepicker object| ko function| ArticleEditor object| sorttable function| updateHiddenClientDocumentFields function| toggleDisputablePersonalInfo function| openCreateDisputeItemModal function| openUpdateDisputeItemModal function| selectDisputableNode function| markDisputedItems function| generateDisputeItems function| updateDisputeItem function| sendPaymentDataToAnet object| ScoreTracker object| CreditReport function| showAllClientNavCreditReports function| editDisputeLetterFile function| createAdditionalFaxNumberField function| createAdditionalAddressField function| updateDisputeLetterFile function| deleteField object| DisputeLetterFileUpload function| searchClients function| useMessageTemplate object| pubsub function| m object| mithrilApp function| Cleave object| ActionCable object| App object| Highcharts object| CreditBureauNames object| google object| litHtmlVersions object| module$exports$mapsapi$geometry$spherical object| litElementVersions object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackChunkcredit_glory function| clearImmediate function| setImmediate function| flatpickr

2 Cookies

Domain/Path Name / Value
staging.creditglory.com/ Name: _credit_glory_session
Value: 05YFoChn6Sp8mmdNAFpXyKfBSmupPeFaQ6Ovb9AsWdxHBCqwYuNPT5%2FEyZ7PFfy%2FaFmd5em7zpJHpy56KIu1JfumB2%2Blk%2BCzkk3s5bl21YNUjacb%2BFXM478Yj2tyvyOGp6JnQ2mJjvQy3vJ94Y64zaNP6Or9YHfrZf%2Br%2FhzX2%2B7A249ZMQu0RXghPjrKOwDqHi4JCN0nJVs4W9PGplYHsa%2BBymqKuIKzBWNSXgn1QRNkZvbnUSODz7OzxuSc%2FvZLdJJvEs3vruftbJo%2FofPbmsrxu7VSK%2FhMMA%2Fe%2FTZvQuUkBuErMkMsB%2Bv4Zc90ZLuJDS7YVY8hyzRsjH6PA5s0KawniLyvCVLL5oQdyCMyXaLMY1fUzSxezBfP20HsGxA%2FCI2pLXBxqYAS--4h5ntylmB3fcRmdo--wHNlR6Jme3YrxPrVD%2BcPjg%3D%3D
app.staging.creditglory.com/ Name: _credit_glory_session
Value: YniepPNrq3iiQonGRYVyWpQKK2wX4rGQ5ykBg9wDm%2BZ3zHJcUWWMpLqHmu%2FEq%2FojV6bDj6MMdRpd%2BnFV6bUJCMX7CpSCYzH4tIcteezA43ItNTBQV7Bvdg7CJrV%2BBnrMEL%2BuV0egLlrAvT7mujCvCEq%2FnMbfG8%2FZ730cH6XPNp4BxDqYqyO%2FJyqGVn%2F5dxgbPg8%2Fr3XWhyLB2AwSqf%2FsO8HoDKZdKLtx4S%2Fc426akZZYQLyP4yR7mC3vAEcumQ0L9boawjBspVb1mMwg5CPtjWhoBjR8QFrrjKnlmfI%3D--%2Bdh5QoU8U8ypcMmD--gJHF2U8ert6lRoIkqIrH7A%3D%3D

2 Console Messages

Source Level URL
Text
security error URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAnNLB6MDHG8M72EVPomPLc4WKb9J-oWCQ&libraries=places(Line 416)
Message:
Refused to connect to 'https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.authorize.net api.zippopotam.us https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://gtm.creditglory.com player.vimeo.com".
security error URL: https://app.staging.creditglory.com/admins/sign_in
Message:
Refused to load media from 'data:audio/mpeg;base64,//OExAAAAAAAAAAAAEluZm8AAAAHAAAABAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P39/f39/f39/f39/f39/f39/f39/f39/f3+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/AAAAAAAAAAAAAAAAAAAAAAAAAAAAJAa/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//MUxAAAAANIAAAAAExBTUUzLjk2LjFV//MUxAsAAANIAAAAAFVVVVVVVVVVVVVV//MUxBYAAANIAAAAAFVVVVVVVVVVVVVV//MUxCEAAANIAAAAAFVVVVVVVVVVVVVV' because it violates the following Content Security Policy directive: "default-src *". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback. Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *; child-src 'self' https://creditglory.s3.amazonaws.com https://creditglory-test.s3.amazonaws.com https://creditglory-development.s3.amazonaws.com https://creditglory-staging.s3.amazonaws.com https://*.creditglory.com https://www.smartcredit.com https://player.vimeo.com; connect-src 'self' https://*.authorize.net api.zippopotam.us https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://gtm.creditglory.com player.vimeo.com; font-src * data: 'unsafe-inline'; frame-ancestors 'self' https://flex.twilio.com https://crm.creditglory.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com player.vimeo.com https: data:; style-src * 'unsafe-inline'; report-uri https://sentry.io/api/5219874/security/?sentry_key=5f2c764011ab45028a283129bd9bc6a8
Strict-Transport-Security max-age=631138519 max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM flex.twilio.com
X-Xss-Protection 1; mode=block