hackerone.com Open in urlscan Pro
2606:4700::6810:6334 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hackerone.com/reports/1784645
Submission: On January 18 via api (January 18th 2023, 3:45:21 pm UTC) from US — Scanned from DE

Summary HTTP 39 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 39 HTTP transactions. The main IP is 2606:4700::6810:6334, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com. The Cisco Umbrella rank of the primary domain is 101070.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 21st 2022. Valid for: a year.

This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	2606:4700::68... 2606:4700::6810:6334	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eb35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.92.251.58 52.92.251.58	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:6000:4:4c7d:87c0:93a1	16509 (AMAZON-02) (AMAZON-02)
39	5

33 2606:4700::6810:6334 (United States)

ASN13335 (CLOUDFLARENET, US)

hackerone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eb35 (United States)

ASN13335 (CLOUDFLARENET, US)

errors.hackerone.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.92.251.58 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:6000:4:4c7d:87c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

profile-photos.hackerone-user-content.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	hackerone.com hackerone.com — Cisco Umbrella Rank: 101070	2 MB
2	amazonaws.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 777993	14 KB
1	hackerone-user-content.com profile-photos.hackerone-user-content.com	5 KB
1	hackerone.net errors.hackerone.net	501 B
39	4

	Domain	Requested by
33	hackerone.com	hackerone.com
2	hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
1	profile-photos.hackerone-user-content.com
1	errors.hackerone.net	hackerone.com
39	4

This site contains links to these domains. Also see Links.

Domain
www.hackerone.com
docs.hackerone.com
www.facebook.com
twitter.com
www.linkedin.com
news.ycombinator.com
www.reddit.com
github.com
nvd.nist.gov

Subject Issuer	Validity	Valid
hackerone.com DigiCert SHA2 Extended Validation Server CA	`2022-02-21` - `2023-03-24`	a year	crt.sh
errors.hackerone.net DigiCert SHA2 Extended Validation Server CA	`2022-01-12` - `2023-02-12`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon	`2022-09-21` - `2023-08-24`	a year	crt.sh
profile-photos.hackerone-user-content.com Amazon	`2022-05-16` - `2023-06-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/1784645
Frame ID: 345CE3F62128149814F94EE625E419A3
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

#1784645 Passcode bypass on Talk Android appMenuMenu

Page Statistics

39
Requests

95 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

2014 kB
Transfer

6509 kB
Size

5
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hackerone.com/solutions/attack-resistance-management
Title: Attack Resistance Management

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/vulnerability-management-system
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/cloud-security-solution
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/application-security-testing-software
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/financial-services
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/government
Title: Government

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/united-states-federal
Title: US Federal

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/security-incident
Title: Contacted by a hacker?

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/overview
Title: Platform Overview

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/bug-bounty-platform
Title: HackerOne Bounty

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/attack-surface-management
Title: HackerOne Assets

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/response-vulnerability-disclosure-program
Title: HackerOne Response (VDP)

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/services
Title: HackerOne Services

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/insights
Title: HackerOne Insights

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/security-assessments
Title: HackerOne Assessments

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/pentest
Title: HackerOne Pentests

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners
Title: Partner Overview

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners/integrations
Title: Integrations

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners/aws
Title: AWS

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/company
Title: About us

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/leadership
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/trust
Title: Trust

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/press
Title: Press

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/press-archive
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hackers
Title: Hackers

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hackers/hacker101
Title: Hacker101

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hacktivity
Title: Hacktivity

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/leaderboard
Title: Leaderboard

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hacktivitycon
Title: h@cktivitycon

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/resources
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://docs.hackerone.com/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/customer-stories
Title: Meet our Successful Customers

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/security-at
Title: Security@ Conference

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/what-application-security-concepts-tools-best-practices
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/attack-surface-and-how-analyze-manage-and-reduce-it
Title: Attack Surface

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/cloud-security-challenges-solutions-and-best-practices
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/16-types-cybersecurity-attacks-and-how-prevent-them
Title: Cybersecurity Attacks

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/devsecops-quick-guide-process-tools-and-best-practices
Title: DevSecOps

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/what-vulnerability-assessment-benefits-tools-and-process
Title: Vulnerability Assessment

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/what-penetration-testing-how-does-it-work-step-step
Title: Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/knowledge-center/beyond-owasp-top-ten-13-resources-boost-your-security
Title: OWASP

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/vulnerability-and-security-testing-blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/application-security
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/company-news
Title: Company News

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/ethical-hacker
Title: Ethical Hacker

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/penetration-testing
Title: Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/security-compliance
Title: Security Compliance

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/vulnerability-management
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hackerone-community-blog
Title: Community

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fhackerone.com%2Freports%2F1784645

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fhackerone.com%2Freports%2F1784645&text=Passcode%20bypass%20on%20Talk%20Android%20app

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fhackerone.com%2Freports%2F1784645

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fhackerone.com%2Freports%2F1784645&t=Passcode%20bypass%20on%20Talk%20Android%20app

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fhackerone.com%2Freports%2F1784645&title=Passcode%20bypass%20on%20Talk%20Android%20app

Search URL Search Domain Scan URL

URL: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx
Title: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-22473
Title: CVE-2023-22473

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 1784645 Show response
hackerone.com/reports/ 3 KB
3 KB 373ms
273ms Document
text/html 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeb24c4382dba20a6d9eff60ad8bf5758746733234d8c3f9f90cff08892e3c20

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-B1oa+E5Fy4xNV8ENgwfSp3vmkMQfutD3PfdTzM9e0B8=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 78b874ef9e235b32-FRA
content-disposition: inline; filename="response.html"
content-encoding: br
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-B1oa+E5Fy4xNV8ENgwfSp3vmkMQfutD3PfdTzM9e0B8=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-type: text/html; charset=utf-8
date: Wed, 18 Jan 2023 15:45:17 GMT
etag: W/"eeb24c4382dba20a6d9eff60ad8bf575"
expect-ct: enforce, max-age=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: a050ef8d-8b1f-4303-89c4-d4f5d50cfbcd
x-xss-protection: 1; mode=block

GET
H2 200 vendor.8b11831d.css
hackerone.com/assets/static/css/ 21 KB
3 KB 30ms
29ms Stylesheet
text/css 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/css/vendor.8b11831d.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36187916bcf2c2c53d9ea7d03eef30aa6e67c12b2c8a47b0051d2c231d7f524e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1309471
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f1589f5b32-FRA
expires: Sat, 18 Feb 2023 15:45:17 GMT

GET
H2 200 main.663e9ed9.css
hackerone.com/assets/static/css/ 559 KB
86 KB 28ms
27ms Stylesheet
text/css 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/css/main.663e9ed9.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2a92438ec4c28caeabe39ef682e198e987d9b768ec074d266640977211298b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 6775
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 18 Jan 2023 13:37:36 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f158a15b32-FRA
expires: Sat, 18 Feb 2023 15:45:17 GMT

GET
H2 200 constants-2200e97687727c380b7c6b27ded47d3ca3ead752fa8f2ec592dab15bb116ec45.js Show response
hackerone.com/assets/ 51 KB
18 KB 26ms
26ms Script
application/javascript 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/constants-2200e97687727c380b7c6b27ded47d3ca3ead752fa8f2ec592dab15bb116ec45.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2200e97687727c380b7c6b27ded47d3ca3ead752fa8f2ec592dab15bb116ec45

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 5242
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 18 Jan 2023 13:27:51 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f158a25b32-FRA
expires: Sat, 18 Feb 2023 15:45:17 GMT

GET
H2 200 vendor.778b489d.js Show response
hackerone.com/assets/static/js/ 4 MB
864 KB 29ms
28ms Script
application/javascript 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/vendor.778b489d.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

112f1250845793e059e921359e1acb2f4f8fe523ee5922cee2b3d1c11a5cd92e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 7588
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 18 Jan 2023 13:37:36 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f158a35b32-FRA
expires: Sat, 18 Feb 2023 15:45:17 GMT

GET
H2 200 main.b573f0eb.js Show response
hackerone.com/assets/static/js/ 2 MB
438 KB 28ms
28ms Script
application/javascript 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/main.b573f0eb.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66473ca930a07fb9591f7cefa837710bfc2b26d62fb22d28ed04486eab6715d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 5243
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 18 Jan 2023 14:16:10 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f158a45b32-FRA
expires: Sat, 18 Feb 2023 15:45:17 GMT

POST
H2 200 /
errors.hackerone.net/api/30/security/ 0
501 B 348ms
220ms Other
text/plain 2606:4700::6811:eb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1784645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eb35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
server: cloudflare
x-frame-options: DENY
vary: Origin
access-control-allow-origin: https://hackerone.com
access-control-expose-headers: retry-after, x-sentry-rate-limits, x-sentry-error
cf-ray: 78b874f23e3f9174-FRA
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 gates Show response
hackerone.com/ 2 B
2 KB 190ms
190ms XHR
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/gates

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/1784645
X-CSRF-Token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: ed67c92d-7c4f-4516-8ecb-a847c14c3b57
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"44136fa355b3678a1146ad16f7e8649e"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f2aa855b32-FRA

POST
H2 200 graphql Show response
hackerone.com/ 11 KB
3 KB 547ms
546ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfccf14522ea5aa896b8759d046721eaefe6b9f7a65139d0b132759b0a37053b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: other
accept: */*
x-product-area: other
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: d6de39b0-ceae-4422-bbde-f6f1458b5e89
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"dfccf14522ea5aa896b8759d046721ea"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f4edd25b32-FRA

POST
H2 200 graphql Show response
hackerone.com/ 245 B
1 KB 226ms
226ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90800ce12f7d00bc8e0d0512c32ef725e3be2547ac7a721d90ca1ed9ef1f25b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: other
accept: */*
x-product-area: other
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 0a2fccea-5398-48fd-b51c-5e870a44f17d
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"90800ce12f7d00bc8e0d0512c32ef725"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f4edd85b32-FRA

GET
H2 200 6335.11a53ef4.chunk.js Show response
hackerone.com/assets/static/js/ 449 B
1 KB 24ms
24ms Script
application/javascript 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/6335.11a53ef4.chunk.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.b573f0eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58b6f291fd9b452cac840b8fd58ad5acb090e117929fd3a1cf83a3e7b59777a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 539618
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 11 Jan 2023 11:47:11 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f8ab7f5b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 9261.b5134e6c.chunk.js Show response
hackerone.com/assets/static/js/ 2 KB
932 B 36ms
35ms Script
application/javascript 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/9261.b5134e6c.chunk.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.b573f0eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1628118957d7a2a45f78ca1e22852070e2e89bded736f19ecdf2400ee3818057

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1203395
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 04 Jan 2023 16:16:18 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f8ab825b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 chevron-left.a035abc1dda32a1b506721df22dadee4.svg Show response
hackerone.com/assets/static/media/ 161 B
238 B 43ms
43ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/chevron-left.a035abc1dda32a1b506721df22dadee4.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1792735
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f8ab875b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 1784645.json Show response
hackerone.com/reports/ 30 KB
7 KB 2285ms
2284ms XHR
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1784645.json

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e25b85ff15f43278a50c84a430c9d63ba1beffffec027d69e2fa85a84f8b34

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/1784645
X-CSRF-Token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: 4fee3258-736e-416b-a241-2a809e2e0b92
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"d8e25b85ff15f43278a50c84a430c9d6"
x-download-options: noopen
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f8fbf95b32-FRA

GET
H2 200 sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg Show response
hackerone.com/assets/static/media/ 304 B
271 B 40ms
40ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1786716
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f8fc035b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

POST
H2 200 graphql Show response
hackerone.com/ 701 B
2 KB 732ms
731ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3c3c40881b7a267c7cb00ed04217e4c31d4bd16d1eaa14cb6f2bcbed4ac9b18

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: d89ec19e-bcbd-413b-ac03-5699221243af
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e3c3c40881b7a267c7cb00ed04217e4c"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f90c1f5b32-FRA

POST
H2 200 graphql Show response
hackerone.com/ 397 B
2 KB 372ms
372ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83fb02e253908221d755009f6dbf68d57799d5659a446f735ab4ff12060402ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: df150d64-6939-4173-851a-f1b9e28a95db
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"83fb02e253908221d755009f6dbf68d5"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874f90c225b32-FRA

GET
DATA 200
OK truncated
/ 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Poppins-SemiBold.cce5625b56ec678e4202.ttf
hackerone.com/assets/static/media/ 152 KB
152 KB 29ms
29ms Font
application/octet-stream 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/Poppins-SemiBold.cce5625b56ec678e4202.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 663682
content-length: 155192
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Jan 2023 20:03:19 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/octet-stream
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 78b874f91c435b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 Poppins-Regular.8081832fc5cfbf634aa6.ttf
hackerone.com/assets/static/media/ 154 KB
155 KB 26ms
25ms Font
application/octet-stream 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/Poppins-Regular.8081832fc5cfbf634aa6.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1790824
content-length: 158192
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/octet-stream
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 78b874f91c495b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf
hackerone.com/assets/static/media/ 170 KB
170 KB 34ms
34ms Font
application/octet-stream 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1790824
content-length: 174008
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/octet-stream
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 78b874f91c4d5b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg
hackerone.com/assets/static/media/ 6 KB
3 KB 28ms
28ms Image
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/static/media/logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1792581
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874f93c6f5b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

POST
H2 200 events Show response
hackerone.com/ 32 B
2 KB 831ms
830ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://hackerone.com/reports/1784645
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 18 Jan 2023 15:45:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: b3353b92-7fcc-4ec6-9fd4-f26936a67e12
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"815b69b828e2756ab81ee652d5a71793"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874faff1f5b32-FRA

GET
H2 200 edit.0d86487cdb411dca795307bacf71c61d.svg Show response
hackerone.com/assets/static/media/ 276 B
1 KB 38ms
37ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/edit.0d86487cdb411dca795307bacf71c61d.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 343337
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 14 Jan 2023 05:29:38 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874fb7fd05b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H2 200 plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg Show response
hackerone.com/assets/static/media/ 251 B
258 B 47ms
46ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 269618
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 14 Jan 2023 05:29:38 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874fb7fd45b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

POST
H2 200 graphql Show response
hackerone.com/ 5 KB
3 KB 696ms
695ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04894805d0630a46396af914316ae2da4afe504707d42f38c9c2f4e4dd5bd7db

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 41e09b7a-b454-40dd-916f-d4dbc9c58905
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"04894805d0630a46396af914316ae2da"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b874fb8fd65b32-FRA

GET
H2 200 effra-regular.58638933bea19af32939.woff
hackerone.com/assets/static/media/ 26 KB
26 KB 32ms
32ms Font
application/font-woff 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/effra-regular.58638933bea19af32939.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1792396
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:42 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/font-woff
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b874fb8fdd5b32-FRA
expires: Sat, 18 Feb 2023 15:45:18 GMT

GET
H/1.1 200
OK d2d640aacb6962bf73e03f60a5edac1c4341ce3bb32c7b8eeb328ea1d823d386
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cigt04211r63wlfreuzbimb8bbhp/ 6 KB
7 KB 610ms
221ms Image
image/jpeg 52.92.251.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cigt04211r63wlfreuzbimb8bbhp/d2d640aacb6962bf73e03f60a5edac1c4341ce3bb32c7b8eeb328ea1d823d386?response-content-disposition=inline%3B%20filename%3D%22242508801_223904489772489_2500269837231520868_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%27242508801_223904489772489_2500269837231520868_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQQYSR4KWZ%2F20230118%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20230118T154519Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCmUveuVNc%2BDe1QDE%2FF7NfSByOrZ8CHKjvC2WyYuOLKHAIgXC7f1tD6PRVxkIUoID6SVWtB69ghkLrz0b74EQkeBBIqzAQIXhADGgwwMTM2MTkyNzQ4NDkiDEsCT9zKkyThziX7HiqpBLImNJ3RLbi8ljH4MvKQPOaKTr8nt4U4bK2JtqV%2FX5TFtDypS23UIm%2BHbZeCoXMzqvoStdWaXNJ02ANktaYpclh%2BRjWgFhbKXtLL3z0LRJcykni%2B%2F5DrJ9jug9a5T7SZHzHupVf27sh%2B%2B9WIThaWhIKd04oVZh%2FyQfAhx0hMXLzjfGA%2Bh2IwjIcLR1olTDXRpJIWoFm5BIatueM1keASaY%2BTuJ8ucaaZA8XWs7NIVg%2FvUsXH3VMSitbjFmvg3EZVu7noYqXi0s3V1LUEj0GzgLmAqhz6pgH3pfznsavnKj6VkJflAm7wCpv4JI1k4WgyLzqfnw6zdtIIOvYe0F6M9%2FIKspwedHLgoSbuu%2B2Vt1m1j4xjzdSk6rsJCy246tSmN1pZTR2AXc2B4DtI7SZI%2FhCad5ykNcb%2BkgUxskJQNybkVKAdoUUSiRLmf9%2FJx%2FkLMsZ7Kwqp6ugj9GFFD50MaHk%2Fn998uWwM%2BP6%2FoJNxMfvzd0rCkfbeZnmwqK39OM3na0xAKqPedXaZm16SWMOYLQpFfIP%2BAmtuY4kJDJFxbuIIHe0P8xCGzXdWlQ55ea1s5%2FJLIhDmmMgPCbO%2BKalbF68QfynZGtuKtRVUTMrAmyKYC4WTJFEy2ctuT48SXZ7L5NvXj370QFzulv29cAEfOSWl1A6Hoz%2FVWY%2BR8%2BVGlA2ytyzOg7FBsktSjj1BePH2q9sYuAMOWEPr7CHzMQWQANSuVep9Mgn1dcUwsuafngY6qQELuiCcGWEI%2BeSUqDn4PVCIgukw%2BuRIHwNpcrpyrGzDIz4PNdswBmaYtL11zarFKArFcu33lhXx5N1VielI6I5KskHGpsFpO60Gdy6GOkpp2PO%2B6efCsnStzCkURTltLlWAv8o3OtBiRthgjPAaeWc49Rwpj5l1%2Fl0DZiBECepFMCjgtwyuEEOGXMkwixSxlzKLAExSGT7kBLPor4Yg3bfJibSGhoK5PqD%2F&X-Amz-SignedHeaders=host&X-Amz-Signature=28a4555a07f5205080ddeca39f29d72842d7de0a722b7c525474f37340e70b9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.92.251.58 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 26371101f650373eebbbbd7f29bb11e044e6a7287fa830266c841755c6f563cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 15:45:20 GMT
x-amz-version-id: nE4aLlhrisZ8qZyPuh8IHvNMscLrQLhI
Last-Modified: Wed, 07 Sep 2022 10:13:45 GMT
Server: AmazonS3
x-amz-request-id: JKHW3XN7Z68W2AB4
ETag: "cc7659e549dacfd3e0ff5c8048469bc6"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="242508801_223904489772489_2500269837231520868_n.jpeg"; filename*=UTF-8''242508801_223904489772489_2500269837231520868_n.jpeg
Accept-Ranges: bytes
Content-Length: 6585
x-amz-id-2: TE0P6C2IvBW9dGp9PyY28YtpfpF0eNmyZYZ6B4PXNcqyT5Fdr718ZDSStOugkPIR5wZIJv80rec=

GET
H2 200 effra-medium.21ad2cc3831b535ed009.woff
hackerone.com/assets/static/media/ 24 KB
24 KB 28ms
27ms Font
application/font-woff 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/effra-medium.21ad2cc3831b535ed009.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1792398
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/font-woff
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b875001e315b32-FRA
expires: Sat, 18 Feb 2023 15:45:19 GMT

POST
H2 200 events Show response
hackerone.com/ 32 B
2 KB 204ms
204ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://hackerone.com/reports/1784645
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 9905dc71-e150-44ce-b1a3-446cf39cbfdf
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"815b69b828e2756ab81ee652d5a71793"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b875068f745b32-FRA

GET participants
hackerone.com/reports/1784645/ 0
0

GET
H2 200 baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg Show response
hackerone.com/assets/static/media/ 451 B
1 KB 17ms
17ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1788304
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b8750768db5b32-FRA
expires: Sat, 18 Feb 2023 15:45:20 GMT

GET
H2 200 outline.693a3948b67c9350e659d1c1147f6ad0.svg Show response
hackerone.com/assets/static/media/ 249 B
231 B 22ms
22ms XHR
image/svg+xml 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/outline.693a3948b67c9350e659d1c1147f6ad0.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

591fa81a8939778c37eee1f3e5e781e648aa88024a3e6b8cb45410c68b13894c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1784645
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1490717
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 78b8750768de5b32-FRA
expires: Sat, 18 Feb 2023 15:45:20 GMT

GET
H2 200 hackerone.28988fd0c3628ca2df69.ttf
hackerone.com/assets/static/media/ 10 KB
10 KB 21ms
21ms Font
application/octet-stream 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/hackerone.28988fd0c3628ca2df69.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1792504
content-length: 10596
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/octet-stream
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 78b8750778e25b32-FRA
expires: Sat, 18 Feb 2023 15:45:20 GMT

GET
H2 200 866ee71cd31a762660c292f5a83c460018409d8ecb48c41a0a6a99f85339baf4
profile-photos.hackerone-user-content.com/variants/tnqlkt8d6fcch8hj8brdjp8nw864/ 5 KB
5 KB 71ms
14ms Image
image/png 2600:9000:214f:6000:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/tnqlkt8d6fcch8hj8brdjp8nw864/866ee71cd31a762660c292f5a83c460018409d8ecb48c41a0a6a99f85339baf4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6000:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1585b511054263eee7952b1a0a7e20ccceb3ab18d45e260b5e32fbe2fc80f0a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: cCUFS09piiCfWampNAiBtPcuWnFyBOZb
date: Wed, 18 Jan 2023 15:22:43 GMT
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 1358
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 4749
last-modified: Mon, 17 Oct 2022 09:52:09 GMT
server: AmazonS3
etag: "8f97fa15b3a2c3c55ec34d1931cf00bb"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: TvcDSFcXphcKb66Gyy3aRw99Tfc607__pzLS5bgyBcrvCcFVcP32HA==

POST
H2 200 graphql Show response
hackerone.com/ 751 B
962 B 279ms
279ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec230bec5a60695cfd2f3e7ab4b977916ed265f325834b7b536afc49a24a51df

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 4514d792-d01a-47b0-a4c3-35b710ce0668
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ec230bec5a60695cfd2f3e7ab4b97791"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b8750788fa5b32-FRA

GET
H/1.1 200
OK d2d640aacb6962bf73e03f60a5edac1c4341ce3bb32c7b8eeb328ea1d823d386
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cigt04211r63wlfreuzbimb8bbhp/ 6 KB
7 KB 199ms
199ms Image
image/jpeg 52.92.251.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cigt04211r63wlfreuzbimb8bbhp/d2d640aacb6962bf73e03f60a5edac1c4341ce3bb32c7b8eeb328ea1d823d386?response-content-disposition=inline%3B%20filename%3D%22242508801_223904489772489_2500269837231520868_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%27242508801_223904489772489_2500269837231520868_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ5U3J4DVA%2F20230118%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20230118T154519Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJGMEQCIFJ7bitK8vgaVPjFCz4Aoi30R7OVdlkSCV6DLypgYp1NAiAPtl7Yr%2BsScMsgWhcZFNnFyt8Xke9vBCKGAK8c6EhZlCrMBAhfEAMaDDAxMzYxOTI3NDg0OSIM8FG%2ByU9yOD8X4v4TKqkEJvCF%2BiWB692g4UGWYB5nRpzu%2FKES82LG5dqnknADshsn5SOWuxEv5bvji9KXHD5OcA7tzTYbe9aoixVHuZog6KO%2Bq0MBs2HMpisXy6o%2BLSnRrF7%2B5ZjgyyAE1DQB8sDQ1Yeu72KnUiRjfQsdBT4fey8Q6e6F1XbUHqMe81qDSYSh83kbpeMnoKbneMNkHj5Toq7igdglWyq%2BKBY%2BwHRaZWaS4Lj7E6iU10p9oSILjFOWzP3Y6JpBvRFKXpnnYNES6G3YY94IP2U64YsajWfz59dDn6oYSY9ILBlN8k4LOYJ54OWKs%2Fs0ZfLZGTIA2El2el3uvFn0RXbVm4Hltk%2FqSmPnAo6lHX%2BuL8tJtXoMBurzG6dDtGP5j7OjNhZnNVdZoJMzKWgyGmpEWaTS5rk3e5jzN0F7lRr%2B6yf9UCjHSjT86IV3s4m50vRQS0FNSdJP8oT6uiW%2B2HCCTbTPTUnl2Nb%2B7IIwx0KrwVTaS%2BxQSnDUebnsWI1qe7QE%2BRquf6dFkIvY%2BSlkPC2ZRHZsUl88rNehbZC9a6ZRv8ZPu3INdsJv3kEcnX49e2e0gFNMturlxrJ%2BfaboWvXUb1VD3tWh9riSvZd9Sx4Ave2X2Jynf4FtA0h41%2BcghJ4zw5GSl05Ns9Vu9fQ%2FMkxO1KXANtUA6VaEGR20emCEcICG5oTJ2cZVsilLzsmPpbdmuCUu%2B5kNml5UBZoPfEM2rTvi2OcdiaTK%2BL8N4dFakTDv%2FJ%2BeBjqqAWWwXIly1uTthTrDIy%2BORtkTORSLXmT22C7nX3hJqyD1yByh%2BIB7ZuP4VMSNSlzr9zi9SA9DaL2kkfsXg9bz%2B3ZOGzvF4PWoohG91kr%2BHLsiPukZ9%2BIjFgsaXtnX3dUG%2BbIubqkDNlJVrZ3ILOxKBTNgVMqyokRo2ZqedV7ukZGlxhaYPO7Z4ye1s8S88RRAEWeNeCCoTT6P1dvdaJTGJmpW5vzezfNl%2FhdD&X-Amz-SignedHeaders=host&X-Amz-Signature=762b1ba600b888b6be5be446bebbbf1f996b3b6a570713223f7996115d69d8e9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.92.251.58 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 26371101f650373eebbbbd7f29bb11e044e6a7287fa830266c841755c6f563cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 15:45:21 GMT
x-amz-version-id: nE4aLlhrisZ8qZyPuh8IHvNMscLrQLhI
Last-Modified: Wed, 07 Sep 2022 10:13:45 GMT
Server: AmazonS3
x-amz-request-id: 77NYYN2AXTP767GZ
ETag: "cc7659e549dacfd3e0ff5c8048469bc6"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="242508801_223904489772489_2500269837231520868_n.jpeg"; filename*=UTF-8''242508801_223904489772489_2500269837231520868_n.jpeg
Accept-Ranges: bytes
Content-Length: 6585
x-amz-id-2: G66AQX7jls4dz+qCFPWP92awsjJSgAEmQkpl8xGUyqBk3q5JSO0GZFyYH0O/kAOqvIVkphHojQo=

POST
H2 200 graphql Show response
hackerone.com/ 337 B
2 KB 630ms
629ms Fetch
application/json 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.778b489d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c1a6cbd033d61818f0cc59981933cf727a7a6dd910629e4e8814d41107e906b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: 9dcUV43mdOla43Q9cP7hASEPGoMCWddc1zKOuPB79+EJagDd1QZ1jpsTfCKCJu7ECR5VH1rBq4tlPIlgg20GvA==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1784645

Response headers

date: Wed, 18 Jan 2023 15:45:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 27bda7f4-b7ba-4974-8358-9713a3df32fa
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3c1a6cbd033d61818f0cc59981933cf7"
x-download-options: noopen
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
expect-ct: enforce, max-age=86400
cache-control: no-store
cf-ray: 78b875096b395b32-FRA

POST graphql
hackerone.com/ 0
0

GET
H2 200 open-sans-regular.6c643d985ed34dc1dc2c.woff2
hackerone.com/assets/static/media/ 9 KB
10 KB 37ms
37ms Font
application/font-woff2 2606:4700::6810:6334
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/open-sans-regular.6c643d985ed34dc1dc2c.woff2

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.663e9ed9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.663e9ed9.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 15:45:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1789610
content-length: 9196
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 22 Dec 2022 20:30:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/font-woff2
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 78b875097b4b5b32-FRA
expires: Sat, 18 Feb 2023 15:45:20 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hackerone.com
URL: https://hackerone.com/reports/1784645/participants

Domain: hackerone.com
URL: https://hackerone.com/graphql

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hackerone.com/	1970-01-20 17:46:32	Name: h1_device_id Value: 4c6451b3-2359-4c1f-b57c-b61a7c58db99
hackerone.com/	1970-01-20 09:00:57	Name: _dd_s Value: rum=0&expire=1674057618171
.hackerone.com/	1970-01-20 17:46:32	Name: AMP_MKTG_b7cba2c14c Value: JTdCJTdE
.hackerone.com/	1970-01-20 17:46:32	Name: AMP_b7cba2c14c Value: JTdCJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJkZXZpY2VJZCUyMiUzQSUyMmRiODkyZDE4LTAzOTYtNGE1Yy04MWJhLTcyMDIzOTMyNTIwMCUyMiUyQyUyMmxhc3RFdmVudFRpbWUlMjIlM0ExNjc0MDU2NzE5NDAxJTJDJTIyc2Vzc2lvbklkJTIyJTNBMTY3NDA1NjcxNzUwOSU3RA==
hackerone.com/	1970-01-20 09:21:06	Name: __Host-session Value: cWt0VEY3OVhabXI4SUFVbE9wVTYxNTZ3Uk1YbFA5M2QvdW55aE1QT3BEUlhvQ2o1U29JZnUrR3M5Vkp0YTRGQkxTcUVvSkdpaFpiZmx5RDFLbXMzSHA5RHpybGlVeC9wUDFQa2kzcGhWQ01PaGNZa1lFajlFYVZCVW93V014R1FBWnhVOVpYMGc0OFhKdzNCMWk0VlBneEpKMzdZTFlJR3FCNEhyWE9ET3huU1NzRXFZU3h2NWZ4ZnB5T0MweThxc2o1Wmk5Ym92b1RwT2FvUTROM1lsdVp3RTZOTmwyOGFybXRHWVJSY2d0dkVOSVR2K1QrWGYvek8vTmQvWFY4OHg3dEFvNVhXanNMcTRYRlh0OWNKQTMxRzRHOWNhRWo4dHczcW55b04vMFk9LS1XNU5aTUJZemk0TjZ4aXUzSS9YVmd3PT0%3D--dbd7b5507b694822078973f5bea4de7be28f7500

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com q.stripe.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-B1oa+E5Fy4xNV8ENgwfSp3vmkMQfutD3PfdTzM9e0B8=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

errors.hackerone.net
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
profile-photos.hackerone-user-content.com
hackerone.com
2600:9000:214f:6000:4:4c7d:87c0:93a1
2606:4700::6810:6334
2606:4700::6811:eb35
52.92.251.58
04894805d0630a46396af914316ae2da4afe504707d42f38c9c2f4e4dd5bd7db
112f1250845793e059e921359e1acb2f4f8fe523ee5922cee2b3d1c11a5cd92e
1585b511054263eee7952b1a0a7e20ccceb3ab18d45e260b5e32fbe2fc80f0a2
1628118957d7a2a45f78ca1e22852070e2e89bded736f19ecdf2400ee3818057
1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
2200e97687727c380b7c6b27ded47d3ca3ead752fa8f2ec592dab15bb116ec45
26371101f650373eebbbbd7f29bb11e044e6a7287fa830266c841755c6f563cf
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
36187916bcf2c2c53d9ea7d03eef30aa6e67c12b2c8a47b0051d2c231d7f524e
3c1a6cbd033d61818f0cc59981933cf727a7a6dd910629e4e8814d41107e906b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
58b6f291fd9b452cac840b8fd58ad5acb090e117929fd3a1cf83a3e7b59777a9
591fa81a8939778c37eee1f3e5e781e648aa88024a3e6b8cb45410c68b13894c
66473ca930a07fb9591f7cefa837710bfc2b26d62fb22d28ed04486eab6715d2
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3
83fb02e253908221d755009f6dbf68d57799d5659a446f735ab4ff12060402ed
90800ce12f7d00bc8e0d0512c32ef725e3be2547ac7a721d90ca1ed9ef1f25b6
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
d8e25b85ff15f43278a50c84a430c9d63ba1beffffec027d69e2fa85a84f8b34
dfccf14522ea5aa896b8759d046721eaefe6b9f7a65139d0b132759b0a37053b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c3c40881b7a267c7cb00ed04217e4c31d4bd16d1eaa14cb6f2bcbed4ac9b18
ec230bec5a60695cfd2f3e7ab4b977916ed265f325834b7b536afc49a24a51df
eeb24c4382dba20a6d9eff60ad8bf5758746733234d8c3f9f90cff08892e3c20
f2a92438ec4c28caeabe39ef682e198e987d9b768ec074d266640977211298b3

hackerone.com Open in urlscan Pro 2606:4700::6810:6334 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

39 Requests

95 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

2014 kBTransfer

6509 kBSize

5 Cookies

59 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hackerone.com Open in urlscan Pro
2606:4700::6810:6334 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

95 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

2014 kB
Transfer

6509 kB
Size

5
Cookies

39 HTTP transactions
1 data transactions