Submitted URL: http://www.payload.co/
Effective URL: https://payload.co/
Submission: On March 09 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 44 HTTP transactions. The main IP is 34.67.112.186, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is payload.co. The Cisco Umbrella rank of the primary domain is 999399.
TLS certificate: Issued by R3 on February 19th 2022. Valid for: 3 months.
This is the only time payload.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
18 payload.co
www.payload.co
payload.co — Cisco Umbrella Rank: 999399
351 KB
16 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1590
ka-p.fontawesome.com — Cisco Umbrella Rank: 3853
221 KB
4 gstatic.com
fonts.gstatic.com
91 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
2 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 194
18 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
37 KB
44 7
Domain Requested by
17 payload.co payload.co
15 ka-p.fontawesome.com kit.fontawesome.com
payload.co
4 fonts.gstatic.com fonts.googleapis.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.googleapis.com payload.co
1 kit.fontawesome.com payload.co
1 cdnjs.cloudflare.com payload.co
1 www.googletagmanager.com payload.co
1 www.payload.co 1 redirects
44 9

This site contains links to these domains. Also see Links.

Domain
keybox.payload.co
docs.payload.co
github.com
status.payload.co
store.payload.co
Subject Issuer Validity Valid
*.payload.co
R3
2022-02-19 -
2022-05-20
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-09-21 -
2022-09-20
a year crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1
2021-12-01 -
2023-01-01
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh

This page contains 1 frames:

Primary Page: https://payload.co/
Frame ID: 86B12F6B0F94DC5466C451D3E6AAEBFA
Requests: 47 HTTP requests in this frame

Screenshot

Page Title

Payload

Page URL History Show full URLs

  1. http://www.payload.co/ HTTP 301
    https://payload.co/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

44
Requests

98 %
HTTPS

88 %
IPv6

7
Domains

9
Subdomains

8
IPs

2
Countries

739 kB
Transfer

2171 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.payload.co/ HTTP 301
    https://payload.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
payload.co/
Redirect Chain
  • http://www.payload.co/
  • https://payload.co/
41 KB
10 KB
Document
General
Full URL
https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
fa8d6f11df7052117180c0317aa7d241eb62358185f658b0794f72617524fef8
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx/1.19.1
date
Wed, 09 Mar 2022 03:40:20 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 08 Mar 2022 13:19:48 GMT
cache-control
no-cache, no-store, must-revalidate
expires
Wed, 09 Mar 2022 15:40:20 GMT
etag
W/"1646745588.0-41960-1926959258"
pragma
no-cache
x-frame-options
SAMEORIGIN
x-xss-protection
1
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip

Redirect headers

Date
Wed, 09 Mar 2022 03:40:20 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Wed, 09 Mar 2022 04:40:20 GMT
Location
https://payload.co/
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZ0KRqeiTgDyK6hl8tAvjw1PgQ0k4uF1whYoCXszvRPfuqu8xZXVch%2BKTu%2BhklejF%2BZc69XConKiac9WleHYsUQMCv3p1Cjg5aZoh6ZiCegL8jGMGVMPq0wPhr9c35InANI3ed0KGU%2BjDZ2isw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
6e90c9e3eec49131-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js
www.googletagmanager.com/gtag/
92 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-136139266-1
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a20bd7cda265730eadbedc5a70ad8b52401dd79727ed9de851fffe0823531ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36954
x-xss-protection
0
last-modified
Wed, 09 Mar 2022 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Mar 2022 03:40:21 GMT
landing_page.min.css
payload.co/lib/css/
232 KB
32 KB
Stylesheet
General
Full URL
https://payload.co/lib/css/landing_page.min.css
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
4ab87beee96ae21efbd10216e3687ed54c821e37ccfd59ef3e2f930010183bbf
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Mar 2022 13:19:48 GMT
server
nginx/1.19.1
etag
W/"1646745588.0-237691-2193692136"
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1
expires
Wed, 09 Mar 2022 15:40:20 GMT
landing_page.min.css
payload.co/css/
24 KB
7 KB
Stylesheet
General
Full URL
https://payload.co/css/landing_page.min.css
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
4df913454fe339290d0b4051c3d9913e35b32af2c34463854185d1d3e42c6daf
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Mar 2022 13:19:48 GMT
server
nginx/1.19.1
etag
W/"1646745588.0-24366-808653954"
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1
expires
Wed, 09 Mar 2022 15:40:20 GMT
css
fonts.googleapis.com/
26 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
53bff42130f5bff8f3a92e259f20357ad8b46271cb9daa75a9485d401aeaa77f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Mar 2022 02:24:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Mar 2022 03:40:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Mar 2022 03:40:21 GMT
css
fonts.googleapis.com/
3 KB
533 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
926cedcd93b6feb903eb8fc6e6dda2f7a10e819198eaf9a9db4eb4a635d9f08a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Mar 2022 02:32:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 09 Mar 2022 03:40:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Mar 2022 03:40:21 GMT
materialdesignicons.min.css
cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/3.0.39/css/
126 KB
18 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/3.0.39/css/materialdesignicons.min.css
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaa26a4ac399c70b0f7e6d431e32f0e68a51aff05e5632be15a0f61afa31ec34
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
750810
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18116
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03cf0-1f9ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VM2qnUxcqU1x3uN4UUXu42b84DmijseT4LLOUFX1P71zfnd8SWH292yLWiQEXKQQ%2B26fANUxto25n6%2F%2FqmQcOaKuCT1K4FB7YFawsxCsV3d%2Fc6DVnaFyX1qJ3laieWUaWHUQ5S1tDb7uexiy3Jv9VWfG"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6e90c9e6fabe5b3e-FRA
expires
Mon, 27 Feb 2023 03:40:20 GMT
02d3253cfb.js
kit.fontawesome.com/
11 KB
4 KB
Script
General
Full URL
https://kit.fontawesome.com/02d3253cfb.js
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54b07e9219f3bbd71b3f352893ce01f4d2d24eaa6d28d3ba0afd1d0907e29b95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:20 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=60, public, must-revalidate
strict-transport-security
max-age=31536000; preload
cf-ray
6e90c9e6feda928f-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FtqZWO2x4Uw95s0erT9h
emv.svg
payload.co/img/
4 KB
2 KB
Image
General
Full URL
https://payload.co/img/emv.svg
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
7ea47d029df789dba5d3048419f895840b36b45087d1a96a4b1accd06b060f59
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-3948-1687226505"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
visa.svg
payload.co/lib/img/
1 KB
2 KB
Image
General
Full URL
https://payload.co/lib/img/visa.svg
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
52743e9957faf04644fdde6b9cecde4b51387f23c4f65a41f7d769cf422b5332
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:15:00 GMT
server
nginx/1.19.1
etag
W/"1646745300.0-1383-2480736858"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
amex.svg
payload.co/lib/img/
5 KB
3 KB
Image
General
Full URL
https://payload.co/lib/img/amex.svg
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
eaa31998980b868c1ec136efe03f03e6437ccae24b99549539a6ce3077237f11
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:14:56 GMT
server
nginx/1.19.1
etag
W/"1646745296.0-4734-2473593426"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
mastercard.svg
payload.co/lib/img/
3 KB
2 KB
Image
General
Full URL
https://payload.co/lib/img/mastercard.svg
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
d3d09ebf1c76e16650bad22b267bd1ed2c48440ffb16027e8d8b7f5fb441407b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:14:59 GMT
server
nginx/1.19.1
etag
W/"1646745299.0-3246-3678604493"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
landing_page.min.js
payload.co/lib/js/
765 KB
231 KB
Script
General
Full URL
https://payload.co/lib/js/landing_page.min.js
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
1e32996b58563c9c4710f3f2c1c1c4c9f8f46703b09ef48b04039354d74c1a82
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Mar 2022 13:19:48 GMT
server
nginx/1.19.1
etag
W/"1646745588.0-783182-1452152080"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1
expires
Wed, 09 Mar 2022 15:40:21 GMT
landing_page.min.js
payload.co/js/
41 KB
15 KB
Script
General
Full URL
https://payload.co/js/landing_page.min.js
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
7e72110ec6b09019073497a388985c335a534996f51eecca18c8d68ed222654c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Mar 2022 13:19:48 GMT
server
nginx/1.19.1
etag
W/"1646745588.0-41734-114037674"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1
expires
Wed, 09 Mar 2022 15:40:21 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-136139266-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
328
date
Wed, 09 Mar 2022 03:34:53 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 09 Mar 2022 05:34:53 GMT
pro.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
315 KB
53 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=02d3253cfb
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/02d3253cfb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
"610ae215-d3b2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e86ff9928f-FRA
content-length
54194
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
26 KB
4 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=02d3253cfb
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/02d3253cfb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
"610ae215-1062"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e86ff8928f-FRA
content-length
4194
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
27 KB
3 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=02d3253cfb
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/02d3253cfb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
"610ae215-a2b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e86ffa928f-FRA
content-length
2603
logo.png
payload.co/img/
10 KB
11 KB
Image
General
Full URL
https://payload.co/img/logo.png
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
52fa9822bfbc175ff06f2c0c1b32131c58bdbdb0d46bf9bdf3edfae4d3513f34
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
"1646745142.0-9890-1838811367"
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/png
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
content-length
9890
expires
Wed, 09 Mar 2022 15:40:21 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v22/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 19:31:18 GMT
x-content-type-options
nosniff
age
547743
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23040
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:21:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 19:31:18 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 19:30:55 GMT
x-content-type-options
nosniff
age
547766
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:14:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 19:30:55 GMT
electrical-circuit.svg
payload.co/img/
18 KB
5 KB
Image
General
Full URL
https://payload.co/img/electrical-circuit.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
b796a6035694f0e6e2e139e20ea9f11449b1e00e566b7c790dde15562bbab384
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-18876-345247353"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
hexagon-outline.svg
payload.co/img/
2 KB
2 KB
Image
General
Full URL
https://payload.co/img/hexagon-outline.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
72a2d1bd822327da155f047ec055a6bca01f09d7015f35100c668c6ebf45dccc
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-2397-3941862744"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
hexagon-hero.svg
payload.co/img/
2 KB
2 KB
Image
General
Full URL
https://payload.co/img/hexagon-hero.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
8c99a1dadddef3251cfb1e5391aca4fc20d0c9465f26f866ac3a4e341a58631b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-2380-3272150022"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
hexagon.svg
payload.co/img/
2 KB
2 KB
Image
General
Full URL
https://payload.co/img/hexagon.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
c4cd67b5e27a761d981c2e194a7cf9533e3b8939dace07799ecf232a6eba21c3
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-2374-2335771179"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
hexagon-black.svg
payload.co/img/
2 KB
2 KB
Image
General
Full URL
https://payload.co/img/hexagon-black.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
e09e34b2bbb418a3e5a39add2b8a5b4de784052ac454691a34d105da5415e22f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-2394-3471510613"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
phone-checkout.svg
payload.co/img/
62 KB
16 KB
Image
General
Full URL
https://payload.co/img/phone-checkout.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
ca68de2468d506f51a5917a2bd155cca83bc2e40b978c81ca60d02b907273236
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-63605-3694660830"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
ipad-code.svg
payload.co/img/
34 KB
5 KB
Image
General
Full URL
https://payload.co/img/ipad-code.svg
Requested by
Host: payload.co
URL: https://payload.co/css/landing_page.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.67.112.186 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.67.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
f4bea26327d8f32410e1b2d2586b9a94d3ddd867f00fa63cd9321b0c3d8e6704
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://payload.co/css/landing_page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 13:12:22 GMT
server
nginx/1.19.1
etag
W/"1646745142.0-35067-2654145191"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=43200
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 09 Mar 2022 15:40:21 GMT
S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v22/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh7USSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 19:31:18 GMT
x-content-type-options
nosniff
age
547743
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23236
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:18:07 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 19:31:18 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v22/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 19:48:01 GMT
x-content-type-options
nosniff
age
546740
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22504
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:12:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Mar 2023 19:48:01 GMT
pro-fa-duotone-900-5.11.1.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
13 KB
13 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.11.1.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31aca58fb9458f78e89b4c8b304e83fd2795e9527e4123a9df6d90c1070f2c49

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:29 GMT
server
cloudflare
etag
"610ae355-330c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e9388c928f-FRA
content-length
13068
pro-fa-duotone-900-5.12.1.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
1 KB
2 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.12.1.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ddf4bc016e3ad2d721f2c082e8ddad23612d63d23f71e197422d930ffb8df3b

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:29 GMT
server
cloudflare
etag
"610ae355-5cc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e9388e928f-FRA
content-length
1484
pro-fa-brands-400-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
37 KB
37 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-brands-400-5.0.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49fd3e0c64f247cf56cb828bc37b88cf139df6e5c7bb4c3a4507f740e9a52c17

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:25 GMT
server
cloudflare
etag
"610ae351-93a4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e9388f928f-FRA
content-length
37796
pro-fa-duotone-900-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
27 KB
28 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.0.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f931c30f48b2240d4eba1be47c045c70545573713c19833a5573e0dad05a613

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:27 GMT
server
cloudflare
etag
"610ae353-6dc4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e93898928f-FRA
content-length
28100
pro-fa-duotone-900-5.0.13.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
8 KB
8 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.0.13.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
828f65c6b308416be8076b92fe0511921c1d710121902678995c651e12a7a3af

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:28 GMT
server
cloudflare
etag
"610ae354-1eb4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e938a1928f-FRA
content-length
7860
pro-fa-duotone-900-5.5.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
9 KB
9 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.5.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afb10edcdff581a4bbd288030c370ec4a69dd23c221b45acbcab14100d6cad43

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:30 GMT
server
cloudflare
etag
"610ae356-22c4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e938a3928f-FRA
content-length
8900
pro-fa-duotone-900-5.0.5.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
3 KB
4 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.0.5.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
913b53dabfca10a9762867ed5ab47f7af52f2050faf2bc30619f7a1b3345341d

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:28 GMT
server
cloudflare
etag
"610ae354-dd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e938a4928f-FRA
content-length
3540
pro-fa-duotone-900-5.2.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
12 KB
12 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.2.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31d6ce4804e555ee3f3ecda5e7ef390576dfb114c9c4b1c248ac241e1555c93f

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:30 GMT
server
cloudflare
etag
"610ae356-2ee4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e938a6928f-FRA
content-length
12004
pro-fa-duotone-900-5.10.2.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
20 KB
20 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.10.2.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b78fbbfd0b841db3ec9038287c62a7314466ee0cb785cff6daa785ee2531342

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:28 GMT
server
cloudflare
etag
"610ae354-4f14"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e948ad928f-FRA
content-length
20244
pro-fa-duotone-900-5.6.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
10 KB
10 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.6.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6a2be4c2a6c16583c53076e2940f2b21b3d0c682bf66a87088e9f4d9ca91419

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:30 GMT
server
cloudflare
etag
"610ae356-28c8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e948b0928f-FRA
content-length
10440
pro-fa-duotone-900-5.3.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
11 KB
11 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.3.0.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e947b006f327b7b137afaa96d55e934a3c1bb617afa2b85bcbf54ca99bd7b561

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:30 GMT
server
cloudflare
etag
"610ae356-2b5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e948b1928f-FRA
content-length
11100
pro-fa-duotone-900-5.0.11.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
4 KB
4 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-duotone-900-5.0.11.woff2
Requested by
Host: payload.co
URL: https://payload.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95f2e919f8b1a4dedbce317db32729dc45cea5a8fff72d78eb4b84084cfa3806

Request headers

Referer
https://payload.co/
Origin
https://payload.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 03:40:21 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Aug 2021 18:58:28 GMT
server
cloudflare
etag
"610ae354-10b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6e90c9e948b2928f-FRA
content-length
4280
collect
www.google-analytics.com/j/
1 B
202 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=552150291&t=pageview&_s=1&dl=https%3A%2F%2Fpayload.co%2F&ul=en-us&de=UTF-8&dt=Payload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1363030358&gjid=1108716903&cid=1936163755.1646797221&tid=UA-136139266-1&_gid=1510098295.1646797221&_r=1&gtm=2ou370&z=1195136905
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://payload.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Mar 2022 03:40:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://payload.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
87 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f02a1991536045f3807bad97d5d53e0190efc21fe711229a41b94499a5f65ebb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
75 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a0edd774025ea92b247e69f5d43e693e78728b3db1b3ed10631e059281a711e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
0bbd1e2e-e0b7-4c10-99ac-baf1361d5482
https://payload.co/
57 B
0
Other
General
Full URL
blob:https://payload.co/0bbd1e2e-e0b7-4c10-99ac-baf1361d5482
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9df481966523947a54dfd988b0be4c879040d972abd6fad44c9b07e6a62b1ebb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length
57
Content-Type
application/javascript

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| FontAwesomeKitConfig object| gaplugins object| gaGlobal object| gaData function| ScrollReveal object| $jscomp function| $ function| jQuery function| FormSerializer function| Popper object| bootstrap function| Sugar function| WOW object| Handlebars object| intlTelInputGlobals function| define function| require object| ace object| _self object| Prism function| recaptcha object| sr

4 Cookies

Domain/Path Name / Value
.payload.co/ Name: access-token
Value: 3d80GQ60wfIv1hAh3aeB6
.payload.co/ Name: _ga
Value: GA1.2.1936163755.1646797221
.payload.co/ Name: _gid
Value: GA1.2.1510098295.1646797221
.payload.co/ Name: _gat_gtag_UA_136139266_1
Value: 1

1 Console Messages

Source Level URL
Text
worker error URL: blob:https://payload.co/0bbd1e2e-e0b7-4c10-99ac-baf1361d5482
Message:
Uncaught NetworkError: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'https://payload.co/worker-javascript.js' failed to load.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' payload.co pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdn.3dsintegrator.com cdnjs.cloudflare.com img3.forte.net browser.sentry-cdn.com *.fontawesome.com cdn.plaid.com; img-src 'self' data: payload.co gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com; default-src 'self' payload.co *.payload.co *.payload.co fonts.gstatic.com cdnjs.cloudflare.com cdn.plaid.com; style-src 'self' 'unsafe-inline' payload.co fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' ws: wss: payload.co *.payload.co *.payload.co *.3dsintegrator.com www.google-analytics.com *.ingest.sentry.io *.fontawesome.com; report-uri /csp_report; worker-src 'self' blob:; frame-src 'self' payload.co www.google.com acs.3dsintegrator.com *.3dsintegrator.com *.visa.com *.cardinalcommerce.com secure4.arcot.com pay.google.com cdn.plaid.com; font-src 'self' data: payload.co fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
ka-p.fontawesome.com
kit.fontawesome.com
payload.co
www.google-analytics.com
www.googletagmanager.com
www.payload.co
2606:4700:3031::6815:1637
2606:4700::6810:125e
2606:4700::6812:1734
2a00:1450:4001:801::200e
2a00:1450:4001:803::2008
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
34.67.112.186
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
1b78fbbfd0b841db3ec9038287c62a7314466ee0cb785cff6daa785ee2531342
1e32996b58563c9c4710f3f2c1c1c4c9f8f46703b09ef48b04039354d74c1a82
2f931c30f48b2240d4eba1be47c045c70545573713c19833a5573e0dad05a613
31aca58fb9458f78e89b4c8b304e83fd2795e9527e4123a9df6d90c1070f2c49
31d6ce4804e555ee3f3ecda5e7ef390576dfb114c9c4b1c248ac241e1555c93f
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
3a0edd774025ea92b247e69f5d43e693e78728b3db1b3ed10631e059281a711e
3a20bd7cda265730eadbedc5a70ad8b52401dd79727ed9de851fffe0823531ab
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
49fd3e0c64f247cf56cb828bc37b88cf139df6e5c7bb4c3a4507f740e9a52c17
4ab87beee96ae21efbd10216e3687ed54c821e37ccfd59ef3e2f930010183bbf
4df913454fe339290d0b4051c3d9913e35b32af2c34463854185d1d3e42c6daf
52743e9957faf04644fdde6b9cecde4b51387f23c4f65a41f7d769cf422b5332
52fa9822bfbc175ff06f2c0c1b32131c58bdbdb0d46bf9bdf3edfae4d3513f34
53bff42130f5bff8f3a92e259f20357ad8b46271cb9daa75a9485d401aeaa77f
54b07e9219f3bbd71b3f352893ce01f4d2d24eaa6d28d3ba0afd1d0907e29b95
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ddf4bc016e3ad2d721f2c082e8ddad23612d63d23f71e197422d930ffb8df3b
72a2d1bd822327da155f047ec055a6bca01f09d7015f35100c668c6ebf45dccc
7e72110ec6b09019073497a388985c335a534996f51eecca18c8d68ed222654c
7ea47d029df789dba5d3048419f895840b36b45087d1a96a4b1accd06b060f59
828f65c6b308416be8076b92fe0511921c1d710121902678995c651e12a7a3af
8c99a1dadddef3251cfb1e5391aca4fc20d0c9465f26f866ac3a4e341a58631b
913b53dabfca10a9762867ed5ab47f7af52f2050faf2bc30619f7a1b3345341d
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
926cedcd93b6feb903eb8fc6e6dda2f7a10e819198eaf9a9db4eb4a635d9f08a
95f2e919f8b1a4dedbce317db32729dc45cea5a8fff72d78eb4b84084cfa3806
9df481966523947a54dfd988b0be4c879040d972abd6fad44c9b07e6a62b1ebb
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
aaa26a4ac399c70b0f7e6d431e32f0e68a51aff05e5632be15a0f61afa31ec34
afb10edcdff581a4bbd288030c370ec4a69dd23c221b45acbcab14100d6cad43
b6a2be4c2a6c16583c53076e2940f2b21b3d0c682bf66a87088e9f4d9ca91419
b796a6035694f0e6e2e139e20ea9f11449b1e00e566b7c790dde15562bbab384
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4cd67b5e27a761d981c2e194a7cf9533e3b8939dace07799ecf232a6eba21c3
ca68de2468d506f51a5917a2bd155cca83bc2e40b978c81ca60d02b907273236
d3d09ebf1c76e16650bad22b267bd1ed2c48440ffb16027e8d8b7f5fb441407b
e09e34b2bbb418a3e5a39add2b8a5b4de784052ac454691a34d105da5415e22f
e947b006f327b7b137afaa96d55e934a3c1bb617afa2b85bcbf54ca99bd7b561
eaa31998980b868c1ec136efe03f03e6437ccae24b99549539a6ce3077237f11
f02a1991536045f3807bad97d5d53e0190efc21fe711229a41b94499a5f65ebb
f4bea26327d8f32410e1b2d2586b9a94d3ddd867f00fa63cd9321b0c3d8e6704
fa8d6f11df7052117180c0317aa7d241eb62358185f658b0794f72617524fef8