URL: https://owasp.org/www-project-juice-shop/
Submission: On March 03 via manual from GB — Scanned from GB

Summary

This website contacted 14 IPs in 2 countries across 11 domains to perform 79 HTTP transactions. The main IP is 2606:4700:10::ac43:a27, located in United States and belongs to CLOUDFLARENET, US. The main domain is owasp.org. The Cisco Umbrella rank of the primary domain is 172667.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2021. Valid for: a year.
This is the only time owasp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Requests | IP Address | AS | Autonomous System
- | 31 | 2606:4700:10:... | 13335 | (CLOUDFLAR...)
- | 1 | 2a00:1450:400... | 15169 | (GOOGLE)
- | 1 | 2606:50c0:800... | 54113 | (FASTLY)
- | 14 | 2606:50c0:800... | 54113 | (FASTLY)
2 | 21 | 2606:4700:303... | 13335 | (CLOUDFLAR...)
- | 1 | 2a04:4e42:200... | 54113 | (FASTLY)
- | 1 | 18.66.112.62 | 16509 | (AMAZON-02)
- | 1 | 76.76.21.61 | 16509 | (AMAZON-02)
- | 1 | 18.66.112.25 | 16509 | (AMAZON-02)
- | 5 | 18.66.97.82 | 16509 | (AMAZON-02)
1 | 2 | 140.82.121.6 | 36459 | (GITHUB)
- | 2 | 18.66.104.52 | 16509 | (AMAZON-02)
- | 1 | 18.66.112.70 | 16509 | (AMAZON-02)
Total: 79 requests, 14 IPs
Requests | Apex Domain | Subdomains | Transfer
31 | owasp.org | owasp.org — Cisco Umbrella Rank: 172667 | 719 KB
21 | shields.io | img.shields.io — Cisco Umbrella Rank: 45562 | 17 KB
14 | githubusercontent.com | raw.githubusercontent.com — Cisco Umbrella Rank: 4700 | 1 MB
6 | sndcdn.com | widget.sndcdn.com — Cisco Umbrella Rank: 29611; wave.sndcdn.com — Cisco Umbrella Rank: 15073 | 379 KB
3 | soundcloud.com | w.soundcloud.com — Cisco Umbrella Rank: 15291; api-widget.soundcloud.com — Cisco Umbrella Rank: 24720 | 5 KB
2 | github.com | api.github.com — Cisco Umbrella Rank: 5809 | 4 KB
1 | vercel.app | github-readme-stats.vercel.app — Cisco Umbrella Rank: 150706 | 2 KB
1 | cloudfront.net | d322cqt584bo4o.cloudfront.net | 1 KB
1 | coreinfrastructure.org | bestpractices.coreinfrastructure.org | 2 KB
1 | github.io | buttons.github.io — Cisco Umbrella Rank: 64973 | 7 KB
1 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 31 | 20 KB
Total: 79 requests, 11 domains
Requests | Domain | Redirects | Requested by
31 | owasp.org | - | owasp.org
21 | img.shields.io | 2 redirects | owasp.org
14 | raw.githubusercontent.com | - | owasp.org
5 | widget.sndcdn.com | - | w.soundcloud.com, widget.sndcdn.com
2 | api-widget.soundcloud.com | - | widget.sndcdn.com
2 | api.github.com | 1 redirects | owasp.org
1 | wave.sndcdn.com | - | widget.sndcdn.com
1 | w.soundcloud.com | - | owasp.org
1 | github-readme-stats.vercel.app | - | owasp.org
1 | d322cqt584bo4o.cloudfront.net | - | owasp.org
1 | bestpractices.coreinfrastructure.org | - | owasp.org
1 | buttons.github.io | - | owasp.org
1 | www.google-analytics.com | - | owasp.org
Total: 79 requests, 13 subdomains
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-05 - 2022-07-04 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
www.github.com | DigiCert SHA2 High Assurance Server CA | 2020-05-06 - 2022-04-14 | 2 years
bestpractices.coreinfrastructure.org | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-12-24 - 2023-01-25 | a year
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.vercel.app | R3 | 2022-03-03 - 2022-06-01 | 3 months
*.soundcloud.com | GlobalSign GCC R3 DV TLS CA 2020 | 2022-01-18 - 2023-02-19 | a year
*.sndcdn.com | GlobalSign GCC R3 DV TLS CA 2020 | 2022-01-17 - 2023-02-18 | a year

This page contains 2 frames:

Primary Page: https://owasp.org/www-project-juice-shop/
Frame ID: 3D250D5E22CFB7BD587EBDEE4378BE18
Requests: 71 HTTP requests in this frame

Frame: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Frame ID: 6F2B8F5FD4A35A3B278D23DD680E3397
Requests: 9 HTTP requests in this frame

Page Title

Juice Shop - Insecure Web Application for Training | OWASP

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 79
HTTPS: 96 %
IPv6: 46 %
Domains: 11
Subdomains: 13
IPs: 14
Countries: 2
Transfer: 2679 kB
Size: 3966 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://img.shields.io/github/release/juice-shop/juice-shop.svg HTTP 301
  • https://img.shields.io/github/v/release/juice-shop/juice-shop.svg
Request Chain 32
  • https://img.shields.io/github/release/juice-shop/juice-shop-ctf.svg HTTP 301
  • https://img.shields.io/github/v/release/juice-shop/juice-shop-ctf.svg
Request Chain 73
  • https://api.github.com/repos/bkimminich/juice-shop HTTP 301
  • https://api.github.com/repositories/24233689

79 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
owasp.org/www-project-juice-shop/
72 KB
21 KB
Document
General
Full URL
https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
ea90f34a8d295f40b565e7d31612a334f9accb230f7133a1dee836432fdd12ab
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
content-type
text/html; charset=utf-8
cf-ray
6e641e733a6b7792-LHR
access-control-allow-origin
*
age
219
cache-control
max-age=600
expires
Thu, 03 Mar 2022 17:17:56 GMT
last-modified
Tue, 08 Feb 2022 22:43:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
cf-cache-status
DYNAMIC
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
permissions-policy
geolocation=(self)
referrer-policy
same-origin
x-cache
HIT
x-cache-hits
1
x-content-type-options
nosniff
x-fastly-request-id
efd37689f3c9903d6e2a6ffd59c875679a76799c
x-frame-options
SAMEORIGIN
x-github-request-id
9176:B7EE:26F9F0A:284A8D6:6220F5EC
x-origin-processing-time
322.0000 ms
x-powered-by
RankSense/CW
x-proxy-cache
MISS
x-rs-cf-app-version
1.0.45
x-rs-changes-amount
1
x-rs-fixes-request-time
240.0000
x-served-by
cache-lcy19239-LCY
x-timer
S1646328825.273554,VS0,VE1
x-total-processing-time
562.0000 ms
server
cloudflare
content-encoding
br
y6Eaq1GuWIsvmc2nXbGNpGVEQKw.js
owasp.org/cdn-cgi/apps/head/
5 KB
2 KB
Script
General
Full URL
https://owasp.org/cdn-cgi/apps/head/y6Eaq1GuWIsvmc2nXbGNpGVEQKw.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
944f91f9752eae2e778bc3503dc1aa2cb68bf29830d8a4b40ca0a701ee94273b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 27 Apr 2021 13:35:30 GMT
server
cloudflare
age
11066950
etag
W/"33cbe8d829f31bf17d3d459d3dd138b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
KpNSU_4NEoJAZuvSx_SgJd9ZKrb39brI
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
6e641e792a5a7792-LHR
x-amz-request-id
YWB8GQ0JB2YM7A3G
x-amz-id-2
2Pu27RAwEbCm8SmSV3hMF1b177Pf2ITuzzvY0bcUhipR6v9v/S+/z7fFjhzkTx2+A0cwfgK6Amg=
js.cookie.js
owasp.org/www--site-theme/assets/js/
4 KB
2 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/js.cookie.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
357c0ad66cf329f64d356786a5dd19700f8b4498b283db0922e374e68e544298
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-served-by
cache-lcy19253-LCY
referrer-policy
same-origin
x-github-request-id
2C20:39D4:593015:5B811E:62200082
x-timer
S1646264756.495131,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-fce"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
ee3eb42e9d56caa2fe6f7b0a8fbdc544179385de
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a627792-LHR
x-origin-processing-time
10.0000
x-proxy-cache
MISS
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5333
date
Thu, 03 Mar 2022 16:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 03 Mar 2022 18:04:52 GMT
styles.css
owasp.org/www--site-theme/assets/css/
127 KB
25 KB
Stylesheet
General
Full URL
https://owasp.org/www--site-theme/assets/css/styles.css
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
5b741fe5f6080e1593a351a04b8f376296497f31d0cc30fb42b4f1b12f308341
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19282-LCY
referrer-policy
same-origin
cf-bgj
minify
x-github-request-id
7068:ED37:228D869:23DD226:62200082
x-timer
S1646264756.487402,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbd4-1fd7b"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
344822e0da1f8c181d3987c1f7dbae69f0593132
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
last-modified
Wed, 02 Mar 2022 23:20:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
cf-polished
origSize=130427
permissions-policy
geolocation=(self)
cf-ray
6e641e792a5c7792-LHR
x-origin-processing-time
12.0000
x-proxy-cache
MISS
jquery-3.4.1.min.js
owasp.org/www--site-theme/assets/js/
86 KB
33 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19245-LCY
referrer-policy
same-origin
x-github-request-id
6E4C:39D3:29D8CF:2B88FB:62200082
x-timer
S1646264756.486260,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
bc3761882dc425f851763c6d58e6b2a7a517f140
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a667792-LHR
x-origin-processing-time
9.0000
x-proxy-cache
MISS
util.js
owasp.org/www--site-theme/assets/js/
2 KB
3 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/util.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19227-LCY
referrer-policy
same-origin
x-github-request-id
F9D6:E6FA:DCA499:E95DF9:62200082
x-timer
S1646264756.484812,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-89b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
ac4b230fd61b3cced74addc2466418f334113c9f
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a687792-LHR
x-origin-processing-time
6.0000
x-proxy-cache
MISS
yaml.min.js
owasp.org/www--site-theme/assets/js/
42 KB
13 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/yaml.min.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19224-LCY
referrer-policy
same-origin
x-github-request-id
FF8C:3B12:224F7C4:23964A0:62200082
x-timer
S1646264756.488224,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-a944"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
5c6dae9b52c20d76be340ee95c1bc990ed839b2b
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a6a7792-LHR
x-origin-processing-time
16.0000
x-proxy-cache
MISS
luxon.min.js
owasp.org/www--site-theme/assets/js/
68 KB
21 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/luxon.min.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
f46950820ce4e5032d2519c3b0c2a73f48b64071b5efd95b7f52d3755f69d3ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19261-LCY
referrer-policy
same-origin
x-github-request-id
761E:DC2B:C4129E:CA5900:62200082
x-timer
S1646264756.486917,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-111e3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
a89f33395785a0c882ab69546f282df628e3e3e1
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a6b7792-LHR
x-origin-processing-time
7.0000
x-proxy-cache
MISS
kjua.min.js
owasp.org/www--site-theme/assets/js/
28 KB
13 KB
Script
General
Full URL
https://owasp.org/www--site-theme/assets/js/kjua.min.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-encoding
br
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19265-LCY
referrer-policy
same-origin
x-github-request-id
4054:246A:25E3EB5:2746B95:62200082
x-timer
S1646264756.485125,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-6f0d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
c12853797e3458ec95fdd3215a8907a7a2d3f95e
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
server
cloudflare
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
cf-ray
6e641e792a6c7792-LHR
x-origin-processing-time
10.0000
x-proxy-cache
MISS
buttons.js
buttons.github.io/
19 KB
7 KB
Script
General
Full URL
https://buttons.github.io/buttons.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
92e8e487ac38e1161f0ea38f9d9176fd58b437a2b39e578613aef6dd511b4a4a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
7789dbcc874120b8add102111732245954ff2f37
date
Thu, 03 Mar 2022 17:33:45 GMT
content-encoding
gzip
age
197
x-cache
HIT
content-length
6802
x-served-by
cache-lcy19276-LCY
access-control-allow-origin
*
last-modified
Tue, 01 Mar 2022 21:23:42 GMT
server
GitHub.com
x-github-request-id
F680:ED37:1B688DB:1C7D1F0:621E8EF9
x-timer
S1646328826.937002,VS0,VE0
etag
W/"621e8ede-4c40"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
expires
Tue, 01 Mar 2022 21:34:09 GMT
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
HIT
x-cache-hits
6
logo.png
owasp.org/assets/images/
11 KB
13 KB
Image
General
Full URL
https://owasp.org/assets/images/logo.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19249-LCY
referrer-policy
same-origin
x-github-request-id
B838:54C8:15EF0EE:16AE369:62204FE4
x-timer
S1646284772.071363,VS0,VE98
x-frame-options
SAMEORIGIN
etag
"62204f1c-2b53"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
9786b5fcae15be897a6584cfc02ff66955efbea3
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
MISS
x-rs-changes-amount
url_is_excluded
content-length
11091
last-modified
Thu, 03 Mar 2022 05:16:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:46 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e79bba87792-LHR
x-origin-processing-time
7.0000
x-proxy-cache
HIT
JuiceShop_Logo_100px.png
raw.githubusercontent.com/juice-shop/juice-shop/develop/frontend/src/assets/public/images/
5 KB
5 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/develop/frontend/src/assets/public/images/JuiceShop_Logo_100px.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a7d9642ae9816f0def0e8af1463ebb7528066b2fef63768231ebb369358e50bd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
b0cba38731a127958a45b8e55634ba47aca782bb
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
4855
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
D374:4874:812A21:872F55:6220FB1F
x-timer
S1646328826.935512,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"ed5706dcb17907efb71de994ee1cb7724b82cdcd1cd5769fd626444fc97a19f6"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
owasp-flagship%20project-48A646.svg
img.shields.io/badge/
1 KB
764 B
Image
General
Full URL
https://img.shields.io/badge/owasp-flagship%20project-48A646.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc310a46fa508fb6fd7159624f1382c20de411d550c8d0d9c86c09a5492b765d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5690
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 02 Mar 2022 21:13:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oQmMdPhm3FpCjLGvRfct27gAUZgDKXlo5i5WwTq47D8qoW5LDP5F7QIKrIwghqhmRDK7VZyJagzBIiZwa7rKxdhxuNQk%2F5RM9ESbS5bhXTfyNcxqMJrUTiLwHxKND%2BQrpPp9T99Rf1oQSJAIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=86400
cf-ray
6e641e7a1ee9e68c-LHR
juice-shop.svg
img.shields.io/github/v/release/juice-shop/
Redirect Chain
  • https://img.shields.io/github/release/juice-shop/juice-shop.svg
  • https://img.shields.io/github/v/release/juice-shop/juice-shop.svg
1 KB
794 B
Image
General
Full URL
https://img.shields.io/github/v/release/juice-shop/juice-shop.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b6df507c4ce2ab203d1a1a71844ef8fc3b8ee0e5f80b934ee01d76b518bf50c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:42:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uw%2FtR5Y0L%2BvBjNzoVoCuC97%2Fe%2FrQtPSGSNzDSF6LvRf%2F0aHOGib1dd8is1ehTk%2FCXe%2FAnabl0jGMW%2FDdckRIvjuSO349e7EkuZPj5%2BFpCYcg%2BIfyKD1Av70YwzPJARUfCu67xzogHOuZlX1aQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300, s-maxage=300
cf-ray
6e641e7c594de68c-LHR
expires
Thu, 03 Mar 2022 17:38:46 GMT

Redirect headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3052
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
last-modified
Thu, 03 Mar 2022 04:09:42 GMT
server
cloudflare
location
/github/v/release/juice-shop/juice-shop.svg
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcZjUmU3%2F5WD8FgEujx0sWTty6GkiPreCys29qjo7eOKKa08al1AeEkBXn2XAK4dt6p2iMurgNGvrUPSwKcbHc2hWLqP2pUzziSTF5sqx%2FM2NShoK1476o5QZG87gF%2Fqcn%2FlyOh8XkFcJ4DzcA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=86400
cf-ray
6e641e7a1eebe68c-LHR
juice-shop.svg
img.shields.io/github/stars/juice-shop/
1 KB
817 B
Image
General
Full URL
https://img.shields.io/github/stars/juice-shop/juice-shop.svg?label=GitHub%20%E2%98%85&style=flat
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
edb037ab58d9d4412ace8198f35526126fdc056d9e2def75cce9fd9ab3d9dfca

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:42:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twus6G%2FLlahiQO01QbO7cXDyQu3ii2rE%2FGNTv1CfFJAhrWicF4UjpuKlt%2FFpXHAJoYQ2ygb0XHmnJe89ORiQrIBLqtNQSjm2Yez8YvXw4SOT%2FcGbSarFTzICLG5bAYRtYZA68zp%2FmClzDey9MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a1ef0e68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
owasp_juiceshop.svg
img.shields.io/twitter/follow/
3 KB
2 KB
Image
General
Full URL
https://img.shields.io/twitter/follow/owasp_juiceshop.svg?style=social&label=Follow
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e773295de0ad1aac6f56ca19c84e6cdbc98fb73b12179a2b4e73adae19edb4a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:42:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2Bs2G0K7OvzCcko6uYwPUpivnkft2bLcccX4V5nI%2FyLDpjTjRUpsQITqefrGJDxf82JuK%2F%2Bw7%2Bg%2F1u2fWg9RwCpCXj22B4MoYzFeCA8QyxPXyp3hDC3KM2hcP%2BwVGRjMt0anObtXDU%2BqP3au%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a1eeee68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
badge
bestpractices.coreinfrastructure.org/projects/223/
1 KB
2 KB
Image
General
Full URL
https://bestpractices.coreinfrastructure.org/projects/223/badge
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::437 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cowboy /
Resource Hash
636244a8f654578aecfb04e72007ded4163696a4f4bc230bcbad0fd0040f7934
Security Headers
Name Value
Content-Security-Policy default-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net; base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; img-src secure.gravatar.com avatars.githubusercontent.com 'self'; object-src 'none'; script-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net; style-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net
Strict-Transport-Security max-age=631139040; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=631139040; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-cache
MISS
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
17df81d2-b4c9-4c4f-b2c8-25545df13327
x-served-by
cache-lhr7359-LHR
x-runtime
0.008443
referrer-policy
no-referrer-when-downgrade
server
Cowboy
x-timer
S1646328826.960295,VS0,VE254
x-frame-options
DENY
etag
W/"b56270e1a3a3a4115d42270d8f2d0259"
x-download-options
noopen
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 vegur, 1.1 varnish
cache-control
no-cache
feature-policy
fullscreen 'none'; geolocation 'none'; midi 'none';notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none';camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none';vibrate 'none'; payment 'none'
permissions-policy
fullscreen=(), geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), payment=()
content-security-policy
default-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net; base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; img-src secure.gravatar.com avatars.githubusercontent.com 'self'; object-src 'none'; script-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net; style-src 'self' bestpractices.coreinfrastructure.org.global.ssl.fastly.net
accept-ranges
bytes
date
Thu, 03 Mar 2022 17:33:46 GMT
x-cache-hits
0
Contributor%20Covenant-v2.0%20adopted-ff69b4.svg
img.shields.io/badge/
1 KB
1 KB
Image
General
Full URL
https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d218d047f825d6b811221206e8b57d002956a6d95c6339059571d8ee0ae96b4

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3044
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 02 Mar 2022 21:13:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wqm1brAfYPelb0K%2BkvYrpROSx33CgRmkTTMMv2Jl6ClHC3ZB48ED6GAq5OWZppTu5GnqkJdB9iaBUZwx%2B948XWJgEJKOzF7WSWj4n%2BRxXmgGiANkKyGZuzn%2FgZy2UmmZKrGIzuZ42cdYsdJkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=86400
cf-ray
6e641e7a1eefe68c-LHR
slideshow.gif
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
969 KB
969 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/slideshow.gif
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b19970fdc88fb7160e02e6f1694d91aba893dfac58f6d4d08c7ba19f0d06bf7e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
74fb3d4ec9471984cf13102e1f8ca43abc0932b1
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
992025
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
0D00:6757:3CA85:40D40:6220FB1F
x-timer
S1646328826.935534,VS0,VE2
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"268238151421451d4ae55f25801045387abfefc4307fea7329695a8ed38144cb"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
juice-shop.svg
img.shields.io/github/contributors/juice-shop/
1 KB
1 KB
Image
General
Full URL
https://img.shields.io/github/contributors/juice-shop/juice-shop.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6349d6299bfa63e312cd8be81ac0245c79953d348f9a3f96c532db94a984f784

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36HWRm6qYOtWlD9kpUBtvRQR%2BJzwqtwAgA%2BumNBq60zz6XTNLB2r9eMk1LxXvRM45REyWZSRJuyBFu1017u705sXfSw5K%2B5evciwYV7WiqMsI3SceEqTOrlphBXgAlRQw%2F0VjpvB8tjyPmynkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=120, s-maxage=120
cf-ray
6e641e7a1ee8e68c-LHR
expires
Thu, 03 Mar 2022 17:35:46 GMT
localized.svg
d322cqt584bo4o.cloudfront.net/owasp-juice-shop/
873 B
1 KB
Image
General
Full URL
https://d322cqt584bo4o.cloudfront.net/owasp-juice-shop/localized.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-62.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fc483e25f7ddb38cacc6deb9b26066ca39cc66e6cc99440c6ca2d7d32b0edbcf

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 03 Mar 2022 16:43:01 GMT
via
1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
last-modified
Wed, 23 Feb 2022 23:56:18 GMT
server
AmazonS3
age
3045
etag
"1af7e4e63dc0751b414a3402261b4e3f"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
no-cache
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-length
873
x-amz-cf-id
Txi3JVdZfZ9pzHFVpIdfz5Osku08-Kk0p6zOmRBghJ_DxCCSmNJyJA==
juice-shop.svg
img.shields.io/github/license/juice-shop/
1 KB
827 B
Image
General
Full URL
https://img.shields.io/github/license/juice-shop/juice-shop.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9f19892f5a7c76c5eb8e265e47cf113386656ed84653b9415fb5c888fd49bda

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3034
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Giz0heGM8AEAGloydqrqMIoNTabxzJQoBYtdBRihSjlDp3O50M6cNduZKVDzBHc38flqQA5Hxm9KTd0FDvwjrwF1HFA8VcXVNYSD5pRtNhBGqjqD1Np8QbM0U%2FiObUAy%2BNbNRU8KInW69KI%2FNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=3600
cf-ray
6e641e7a1ef6e68c-LHR
expires
Thu, 03 Mar 2022 17:43:11 GMT
screenshot01.png
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
61 KB
61 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/screenshot01.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c81c42fe103f43e11f4d343d30d85adef6ccc6dc5352a46b5d64641531e25939
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
744a86e6d337d9ad3a117a477deba367c4a3aebc
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
62185
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
DFEE:3B0F:4B48EC:51705D:6220FB1F
x-timer
S1646328826.935674,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
218
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"8bfac04543cfa690fdf3b6a431fc78603bcf04b0b5f6e1107eef17ad51a3adf5"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
screenshot02.png
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
47 KB
47 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/screenshot02.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8e9bc4deb24a8f148277f92ec5ab80871f63242c986c9161c823214467d4f245
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
6eb0641554d8e64a0d829ece48ece00c57e740ca
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
48349
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
6AC4:2FAD:101E0D:10BDEF:6220FB1F
x-timer
S1646328826.935610,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"982a55a3c28292a66f7664b16bc243935b65b5668c4e60a1bbd10076e71bb52b"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
screenshot03.png
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
89 KB
90 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/screenshot03.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
16f450193c0072f891a4f92b69ad176816cd648ae2a5d20b60a2079e23e8e43a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
37a99405c97d954bf8c2fe77f929f20bcd516822
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
91469
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
C710:92B5:3A1CDA:3C830F:6220FB1F
x-timer
S1646328826.935835,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"a44c6b8665e912b4e45096c39a0f319d12b51da8fe8f90541738ea4275bc8f8b"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
screenshot04.png
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
34 KB
34 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/screenshot04.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
25a6262336d4cb1b39ad8a7e8e46ecdd1040e45abac638bf53125db8719f7987
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
e7430e57a21928e9ffcb4115a5a59f692419fc7a
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
34631
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
25FC:6A15:A44FD0:ACD90F:6220FB1F
x-timer
S1646328826.935764,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"1b21c649bfebedccfc34ff3603e9e0c055b2b3d9b199df3b4d333acb19075ee0"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
screenshot05.png
raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/
13 KB
13 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/screenshots/screenshot05.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9cd1cdfec61227c4fea75531e4c6d253c228c13090efb9bcdecd4e6a1bbd596a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
a943bee037c74194fcb1e7bf3561e8fd5171866d
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
13487
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
88A0:B90A:20B5131:22A4598:6220FB1F
x-timer
S1646328826.937347,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"7d4ed463aff37cf3e76a3a58eb6da1db014e49f0c3c457d8e570c689eab3e971"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
architecture-diagram.png
raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/introduction/img/
61 KB
61 KB
Image
General
Full URL
https://raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/introduction/img/architecture-diagram.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7cc3dacfecfa45917f584e9667157a4724645544a022e57a9c281fb5b9c03d39
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
dea03e646a8e0aaa9a7dd6218d1c3c21f8eec732
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
62011
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
5F50:5602:3F8551:4F60EC:6220FB1F
x-timer
S1646328826.937382,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
218
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"053fd4d248f970d58eccdc8e39c338ac4a36ab76dbc496d6e79bf47f91095e4b"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
total.svg
img.shields.io/github/downloads/juice-shop/juice-shop/
1 KB
800 B
Image
General
Full URL
https://img.shields.io/github/downloads/juice-shop/juice-shop/total.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc1aa9b5b1a886043f4c77d8e0758ab08598faea638431e1b4102ebb495aac50

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:47 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:17 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2oI%2FE6fuPs3XPD7fCdojH3xQadI4HGJVgTnBV0qHvjdMIdZoXngktMD0f13h8puFOdfw47KCI24qJdgBEH%2BiWs%2BedOK32CY0EawcyPizicQguvHKjHaX9%2BfrGmtaGR6iQu4JqotqmCgdidTLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a1ef8e68c-LHR
expires
Thu, 03 Mar 2022 17:48:47 GMT
juice-shop
img.shields.io/sourceforge/dm/
1 KB
774 B
Image
General
Full URL
https://img.shields.io/sourceforge/dm/juice-shop?label=sourceforge%20downloads
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d02830827be9a8f1b53823f8056b9891e5a0865e72b493b71ce8a92329b888f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnAApttGcrfln%2BR34WxDekLFdfMvsnQaMPQA135J4lvXPg%2F1moBchfikl4c%2FF9YXJ7GWzKqxBek1pQKzI4%2BKEbtCU1eP7HNSYOpYTxMu3C3QEouqvK1LEfponR8lK8tyHgrq70wFWAghLtpi4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f1fe68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
juice-shop
img.shields.io/sourceforge/dt/
1 KB
992 B
Image
General
Full URL
https://img.shields.io/sourceforge/dt/juice-shop?label=sourceforge%20downloads
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0f7719ad9519e9bcfa1310de1fc878036e010940556d322c50bf3a2256f7fb1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cwLCEgyQag2vGD6AqZSxBPQ%2FB9dmQA9f6ZL2DaoRbHiZc7nNQ9NlzUZp2%2FL9IErIRh075dELCJ2aWB%2BMFp27FOolwxBarUPUeITuz5A4h52vcYXy7%2F%2BWn43yPj0fYwLvSYxRCSSP3Iqn%2FWHsDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f20e68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
juice-shop.svg
img.shields.io/docker/pulls/bkimminich/
1 KB
782 B
Image
General
Full URL
https://img.shields.io/docker/pulls/bkimminich/juice-shop.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80ec6b327841b254929cef32f86a6bc1a178cefe335bff7a6ad69895b91ab663

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:47 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=igtND1RhDcftNZtAEheHQQ3wZV5EHqLRKLd734J8H3mlt2Y2Rajbl0hRYFUlDaIeFyNENvi%2FgumcanP813rh65zMULCwFUZRe5KZ3mnYvzg9itpKtGjs8bebIw88xbXtv8sfHDt%2Fy7mfEUHkcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f21e68c-LHR
expires
Thu, 03 Mar 2022 17:48:47 GMT
juice-shop-ctf.svg
img.shields.io/github/v/release/juice-shop/
Redirect Chain
  • https://img.shields.io/github/release/juice-shop/juice-shop-ctf.svg
  • https://img.shields.io/github/v/release/juice-shop/juice-shop-ctf.svg
1 KB
824 B
Image
General
Full URL
https://img.shields.io/github/v/release/juice-shop/juice-shop-ctf.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0206f4610bab33db45855c407c0816fdf36aa2ae8989cf336ae8ee903432ccd0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:17 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2gCqja5dZqHQ%2F85CL1cELN%2BVWQwKeAgpau8N0R8qyZzlUc14sJAUMgiwlZxjN2nkEddW6HJqHUG6W3ubH88iLUlGVRjkbwuc3SjElmBKkoPoJ2%2BjSqo%2B5vvVxyD6JCWCfz0lb7DfyUA0DcJUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300, s-maxage=300
cf-ray
6e641e7c594ee68c-LHR
expires
Thu, 03 Mar 2022 17:38:46 GMT

Redirect headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3029
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
last-modified
Thu, 03 Mar 2022 04:09:43 GMT
server
cloudflare
location
/github/v/release/juice-shop/juice-shop-ctf.svg
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJXUqWOkeOPZCid5q9mSUl7PFqo%2FE%2BCyxV51OaWomm%2F7fNWrbgOfAslzZAwtp37nYz02nP9EA4dHC%2B05EO3ONtQSnT7P3tnvnJMv4WCIaxCy26Shggg5hINRswRlMjUX2icGiSc%2BWUhF8XKf4w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=86400
cf-ray
6e641e7a3f22e68c-LHR
juice-shop-ctf-cli.svg
img.shields.io/npm/dm/
1 KB
788 B
Image
General
Full URL
https://img.shields.io/npm/dm/juice-shop-ctf-cli.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3ede7ea87f8d5f35e51944d7c949c90beed6964f1f4a2bf3fad25e0b76c42db

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfWmg9bfg0FC8k7%2F3zYo1KVQQMiBVilBUlUGGJPVnAkO1nkpmGkdJ6zG4CuWa8bfG1GiPsKM%2Bb8jdo0Bf1HFkIe7VzjcqJ6O%2BhRuQHOxdKGP%2Bn09W%2Bgf%2F4f9p9JuVLN45cEorz9w7oR3BNAhGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f23e68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
juice-shop-ctf-cli.svg
img.shields.io/npm/dt/
1 KB
753 B
Image
General
Full URL
https://img.shields.io/npm/dt/juice-shop-ctf-cli.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
771defe39ff47372ad2e7a584874b7b3d2790781e159441fb3b4aff24a965224

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZYdNNFE7ab4psQcb4rMvX3YSvv4jrCCRoIAsMj1KMnJviv2Tc3qI0xYE7PhpYuORZr87h3Un8IkxRReAD3Gx1LbtQ4D8E6eDO64%2F4d4PXYYcruS7DOgXBB1%2Fc0vRNH1StvHDWWKaRegfAZkew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f24e68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
juice-shop-ctf.svg
img.shields.io/docker/pulls/bkimminich/
1 KB
767 B
Image
General
Full URL
https://img.shields.io/docker/pulls/bkimminich/juice-shop-ctf.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
538bc98b966eadcef058d2fcd374444f5032e9e0ac7d4f80feb126d20d132f1b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dxYWdHYVfwoFlgcIMsFehoN%2FI4uxMG%2Fv%2BDLmK5IXqtQ6wHdcZXJ3YDw3f0R%2B3ETN4US07TFrY7qNZbXnUCdE3AqKhzrYRNOUTO9QAk8D8w3LGBqQK93X2lYpHEMDpglvtawd9oG4zHSMSOMO4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f26e68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
help%20wanted.svg
img.shields.io/github/issues/juice-shop/juice-shop/
1 KB
796 B
Image
General
Full URL
https://img.shields.io/github/issues/juice-shop/juice-shop/help%20wanted.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2674594449ff930d57e5099f8dcacc967b5b0a9d5a31817bf923be2a5f8ec87

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f32VvS7qpwNBuxo1zT4lDOIOIzzZEy0IbOWJmdOd4mnz3OxvHNKKLc1EaeTbYzh9kKT7LIutM%2Fx8OBqqiIwOus5mhlzhhsKLWhlw6VLpxsgIm4MtmacqXlsgLBWfnTqIkAuyHX8setMi0329IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=120, s-maxage=120
cf-ray
6e641e7a3f27e68c-LHR
expires
Thu, 03 Mar 2022 17:35:46 GMT
good%20first%20issue.svg
img.shields.io/github/issues/juice-shop/juice-shop/
1 KB
779 B
Image
General
Full URL
https://img.shields.io/github/issues/juice-shop/juice-shop/good%20first%20issue.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a5668a5e988c9933325208856161d319d57be8b01ef04dc617d0346965b833a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Knje0Opm%2F5Suj9euGa3Sc0cLelQ22h47lg1IbDILzHINE2TImMvWu6uXnZX85gGPhLoSa4O1UsuQp%2FTlxDLyVlULJHtegCMXxnvdvjCFOuhr8VALnZU%2FcQ6ts0AeR%2BcLizi%2FnxxgdGn78HTxbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=120, s-maxage=120
cf-ray
6e641e7a3f2ae68c-LHR
expires
Thu, 03 Mar 2022 17:35:46 GMT
JuicyBot_MedicalMask.png
raw.githubusercontent.com/juice-shop/juice-shop/master/frontend/src/assets/public/images/
6 KB
6 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop/master/frontend/src/assets/public/images/JuicyBot_MedicalMask.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3392c3768ef304e57cea0c142d21d7c7474542eac800d2ddbfd27968857f2e35
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
bae740f4a660aa9e82d3d3524db5175978586a7e
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
5656
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
2948:A93F:D95195:E3FBDB:6220FB1F
x-timer
S1646328826.957668,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"3ccd25c40da4d2dd4187b7a3022d8be5fe28bd93bb3105eca8a064c7cb3a9018"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
JuiceShopCTF_Logo_100px.png
raw.githubusercontent.com/juice-shop/juice-shop-ctf/master/images/
9 KB
10 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop-ctf/master/images/JuiceShopCTF_Logo_100px.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
206a23aca30d34349ace03cfe9c94815245c78309345c3d782dd643f683e6d0d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
8aeecad180dcaf261f2797c17474e7129c4f1789
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
9550
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
8564:E80F:E42250:FD5808:6220CDC3
x-timer
S1646328826.957795,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"506595360c2489d4566308a4ba04081937f35d7ce24e3cc530fb9b17c7b5f5b6"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
juice-shop-ctf.svg
img.shields.io/github/stars/juice-shop/
1 KB
892 B
Image
General
Full URL
https://img.shields.io/github/stars/juice-shop/juice-shop-ctf.svg?label=GitHub%20%E2%98%85&style=flat
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
995b565a847966d66e044eb2a349377c67eb596adfe2b095c3b67134bed84683

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 03 Mar 2022 16:43:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bfQSSw%2Fio%2BeP9Sks%2FlRQS%2FchwhP%2B%2FcYWC%2B7t1%2B5iVqcCQfvgyCpYmb%2B%2BwcdnRbsgtkokvm726dOW6EZ61EojjkltP%2FnqQ%2BEUSPqgTZ%2F04nzPGbfNP9HKzLBKeL43YXZG3YCKLzD304kFOmhpdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900, s-maxage=900
cf-ray
6e641e7a3f2ce68c-LHR
expires
Thu, 03 Mar 2022 17:48:46 GMT
juice-shop-ctf-cli.png
raw.githubusercontent.com/juice-shop/juice-shop-ctf/master/images/
102 KB
102 KB
Image
General
Full URL
https://raw.githubusercontent.com/juice-shop/juice-shop-ctf/master/images/juice-shop-ctf-cli.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bdec41004123990969cf3c8b30e1d409804eda3bea530f96ca3f1bf54724cd22
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
2f3f00d62890ddc87ed41218857bf29833345483
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
104060
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
E404:B90A:1F9B6C0:2180348:6220CDC3
x-timer
S1646328826.957901,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"e4254171d0ee31dab753b57c75dad5435f1c1fb17858e9b4bb3e2eada3aa058d"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
goodreads-write%20review-47129532.svg
img.shields.io/badge/
1 KB
798 B
Image
General
Full URL
https://img.shields.io/badge/goodreads-write%20review-47129532.svg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:282 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0239b8327515f132fc2b7aad64f85e5b46e05f87a9b9580a940ee5673245ed0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 vegur
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33628
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 02 Mar 2022 21:13:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygLSV7ThIo8pKgRJeHY9yObLteER%2BlRn7WfCtYQE2Zg9f36H%2FxI%2BxK%2FnKjFsUqn2cX2q7DjLE2T44nLKVDBRPD5%2FyHGEGIh8Vt0bHtFSdloGnDB%2Bh6ajHu%2BYpKQffdsvrJZhFWAhT2AH1eNYyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=86400
cf-ray
6e641e7a3f2de68c-LHR
cover_small.jpg
raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/
56 KB
56 KB
Image
General
Full URL
https://raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/cover_small.jpg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c9b272af1f1759bb2e0408236f34877af9a01ac5b4abceb9e926084e52ccff69
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
0ea97a249ca5b36d647c68f8b29af63be829bfc5
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
57380
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
BEDE:E80F:EBE059:105A75C:6220FB1F
x-timer
S1646328826.957945,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"4e8722b6130410d7ba61fdf7d1f126a2700c10f0a1dc099161cc527d2f7f7a13"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
back_small.jpg
raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/
62 KB
62 KB
Image
General
Full URL
https://raw.githubusercontent.com/bkimminich/pwning-juice-shop/master/back_small.jpg
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
149c4de2727d192b8d24ebc9a582d4ae5d8470f452d60c4a813e030c13caf3cf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
cab95c46c0caa31b2e39f62ef18289823f21bd9d
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
63205
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
124C:2FAB:2C322:3431C:6220FB1F
x-timer
S1646328826.958013,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"7dfdf78e12b5e66db270f5f84fda47c4089f62d8dd4bbade050ee869fe0ed8a1"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
multijuicer-cover.svg
raw.githubusercontent.com/iteratec/multi-juicer/master/images/
17 KB
7 KB
Image
General
Full URL
https://raw.githubusercontent.com/iteratec/multi-juicer/master/images/multijuicer-cover.svg?sanitize=true
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7dc5c3d7a81b3e0cac5ea1c990a85d5922d2cbeb7b484e7778512c27627917ba
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
b7982464487eb18a3e0b1c5c13fe5c61a71736af
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding,Origin
content-length
6691
x-xss-protection
1; mode=block
x-served-by
cache-lcy19268-LCY
x-github-request-id
B6D2:92B5:3A1CDB:3C8313:6220FB1F
x-timer
S1646328826.958120,VS0,VE1
x-frame-options
deny
date
Thu, 03 Mar 2022 17:33:45 GMT
source-age
219
strict-transport-security
max-age=31536000
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"89a71312182f372fa49d929596a8382bb2377ea18136fdc53b5b3ecf7f381602"
accept-ranges
bytes
expires
Thu, 03 Mar 2022 17:38:45 GMT
NewWork_SE_Logo_RGB_Pos.png
owasp.org/www-project-juice-shop/assets/images/
17 KB
17 KB
Image
General
Full URL
https://owasp.org/www-project-juice-shop/assets/images/NewWork_SE_Logo_RGB_Pos.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
31639f3f5d457c63c7e37eaf8bcaa9f1ad427743a3f70978890d8d1a24cebe0c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-origin-cache
HIT
x-served-by
cache-lcy19276-LCY
referrer-policy
same-origin
x-github-request-id
DF88:3269:5D99D9:8DDE72:62188DA4
x-timer
S1645776292.120929,VS0,VE81
x-frame-options
SAMEORIGIN
etag
"6202f1ff-430c"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
61a9c532e4eb39a313bcbccf5a7bdabc7c555612
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-powered-by
RankSense/CW
x-cache
MISS
x-rs-changes-amount
url_is_excluded
content-length
17164
last-modified
Tue, 08 Feb 2022 22:43:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:43:32 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e79bbac7792-LHR
x-origin-processing-time
48.0000
x-proxy-cache
MISS
api
github-readme-stats.vercel.app/
7 KB
2 KB
Image
General
Full URL
https://github-readme-stats.vercel.app/api?username=bkimminich&show_icons=true
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
ef5b283b9e8fa91531df6ac653ad68af0f7e0995bab601a299744559cd147e46
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:35 GMT
content-encoding
br
server
Vercel
age
10
x-vercel-id
lhr1::sfo1::xclrt-1646328825989-7c924bac1b66
etag
W/"1c74-eJ7jJNRb/vJ1JZ94jvGFX06igdY"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/svg+xml; charset=utf-8
cache-control
public, max-age=7200
x-vercel-cache
HIT
email-decode.min.js
owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
818 B
Script
General
Full URL
https://owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 28 Feb 2022 17:09:01 GMT
server
cloudflare
etag
W/"621d01ad-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
6e641e799b4c7792-LHR
vary
Accept-Encoding
expires
Sat, 05 Mar 2022 17:33:45 GMT
5-xp5eClRc1sE8vHKWqCDdAF0zE.js
owasp.org/cdn-cgi/apps/body/
33 KB
11 KB
Script
General
Full URL
https://owasp.org/cdn-cgi/apps/body/5-xp5eClRc1sE8vHKWqCDdAF0zE.js
Requested by
Host: owasp.org
URL: https://owasp.org/cdn-cgi/apps/head/y6Eaq1GuWIsvmc2nXbGNpGVEQKw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe45fd1fbca4f63acece60dc705d8067823c0d7f6eface2b6bb9e7dbebc8cf40

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 27 Apr 2021 13:35:30 GMT
server
cloudflare
age
11066949
etag
W/"2db8c702fdd2cfa86b7109b404bdce69"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
p8ZCbHJJ.WR22b7FO4lFLKN7mgYzmimX
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
6e641e79bbad7792-LHR
x-amz-request-id
YWB46P2VRBYBVTAA
x-amz-id-2
WLw5U+3MPc3RgWujx0hKdrIRNf3cd4yUbTK2NwhSrNDXaX/CgYd5QOorlzlqjn6hwqJfs0zjFtI=
fa-solid-900.woff2
owasp.org/assets/fontawesome/
74 KB
74 KB
Font
General
Full URL
https://owasp.org/assets/fontawesome/fa-solid-900.woff2
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://owasp.org/www--site-theme/assets/css/styles.css
Origin
https://owasp.org
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19275-LCY
referrer-policy
same-origin
x-github-request-id
8AEC:E6FB:20B6001:21E1DC1:6220503A
x-timer
S1646285114.951929,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f1c-126b0"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
62d4a58f9f831ce746e59025e01ecca72363c372
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
75440
last-modified
Thu, 03 Mar 2022 05:16:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:59:34 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e79cbb07792-LHR
x-origin-processing-time
9.0000
x-proxy-cache
MISS
ubuntu-regular.woff2
owasp.org/assets/font/
29 KB
31 KB
Font
General
Full URL
https://owasp.org/assets/font/ubuntu-regular.woff2
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://owasp.org/www--site-theme/assets/css/styles.css
Origin
https://owasp.org
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19264-LCY
referrer-policy
same-origin
x-github-request-id
E732:9FD2:1FCC5D1:20F5470:6220503A
x-timer
S1646285114.951399,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f1c-7324"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
a332b52970c75388f8017fe079c078fab96b5877
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
29476
last-modified
Thu, 03 Mar 2022 05:16:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:07 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e79cbb27792-LHR
x-origin-processing-time
10.0000
x-proxy-cache
HIT
/
w.soundcloud.com/player/ Frame 6F2B
1 KB
1 KB
Document
General
Full URL
https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-25.fra56.r.cloudfront.net
Software
am/2 /
Resource Hash
5075cfc70947bc7195ad59883764cebba62ecb7857f89bf874be125824eaf1de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

content-type
text/html
via
sssr, 1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
p3p
policyref="https://w.soundcloud.com/player/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV TAI PSAo PSDo OUR STP CNT"
cache-control
public, max-age=300
date
Thu, 03 Mar 2022 17:33:46 GMT
strict-transport-security
max-age=63072000
server
am/2
content-encoding
gzip
vary
Accept-Encoding
x-cache
Miss from cloudfront
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
W_LKn6vbZd217HzDH06fdkDnCDOdoNq74dAhGRVFCDbK3uJf1YxqhQ==
ubuntu-medium.woff2
owasp.org/assets/font/
28 KB
28 KB
Font
General
Full URL
https://owasp.org/assets/font/ubuntu-medium.woff2
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://owasp.org/www--site-theme/assets/css/styles.css
Origin
https://owasp.org
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
61
x-origin-cache
HIT
x-served-by
cache-lcy19238-LCY
referrer-policy
same-origin
x-github-request-id
BCDE:A80A:A8643F:ADEA3B:6220503A
x-timer
S1646285114.015611,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f1c-6fa0"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
64e6d92133882fdf2ba35882f2b91cc756fc116d
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
28576
last-modified
Thu, 03 Mar 2022 05:16:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:59:34 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7a0c427792-LHR
x-origin-processing-time
37.0000
x-proxy-cache
HIT
fa-brands-400.woff2
owasp.org/assets/fontawesome/
73 KB
75 KB
Font
General
Full URL
https://owasp.org/assets/fontawesome/fa-brands-400.woff2
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
1f49b8706547682e2c5ed6642a2f2dcbd287da458314b967c60d774aa7edb473
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://owasp.org/www--site-theme/assets/css/styles.css
Origin
https://owasp.org
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
60
x-origin-cache
HIT
x-served-by
cache-lcy19221-LCY
referrer-policy
same-origin
x-github-request-id
EC76:E6FB:20B6014:21E1DD4:6220503A
x-timer
S1646285114.015562,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f1c-1230c"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
0f6b93c846cb03c072f44d88e2f4899c4c02475f
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
74508
last-modified
Thu, 03 Mar 2022 05:16:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:59:24 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7a0c447792-LHR
x-origin-processing-time
9.0000
x-proxy-cache
MISS
truncated
/
3 KB
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
text/css;charset=utf-8
banner-data.yml
owasp.org/www-project-juice-shop/assets/sitedata/
734 B
2 KB
XHR
General
Full URL
https://owasp.org/www-project-juice-shop/assets/sitedata/banner-data.yml
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ff87211a6a1e788fdea117ba81b8676bd41189423ebde72ed7fe19447acdf5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
27a5540738cb1a94dd7eeebbf33c640a9a453846
date
Thu, 03 Mar 2022 17:33:45 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
218
x-cache
HIT
vary
Accept-Encoding
x-served-by
cache-lcy19282-LCY
referrer-policy
same-origin
last-modified
Tue, 08 Feb 2022 22:43:14 GMT
server
cloudflare
x-github-request-id
695E:9FD2:243CE89:258014B:6220F855
x-timer
S1646328826.984544,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"6202f202-2de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/yaml
access-control-allow-origin
*
expires
Thu, 03 Mar 2022 17:28:13 GMT
cache-control
max-age=600
permissions-policy
geolocation=(self)
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cf-ray
6e641e7a2cbe7792-LHR
x-proxy-cache
MISS
x-cache-hits
1
popup-data.yml
owasp.org/www-project-juice-shop/assets/sitedata/
1 KB
2 KB
XHR
General
Full URL
https://owasp.org/www-project-juice-shop/assets/sitedata/popup-data.yml
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
9469a4dde3333d82e154388606e377a392893519
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
216
x-cache
HIT
vary
Accept-Encoding
x-served-by
cache-lcy19242-LCY
referrer-policy
same-origin
last-modified
Tue, 08 Feb 2022 22:43:14 GMT
server
cloudflare
x-github-request-id
BF82:68FD:603636:648AB2:6220F856
x-timer
S1646328826.074037,VS0,VE0
x-frame-options
SAMEORIGIN
etag
W/"6202f202-539"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/yaml
access-control-allow-origin
*
expires
Thu, 03 Mar 2022 17:28:14 GMT
cache-control
max-age=600
permissions-policy
geolocation=(self)
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cf-ray
6e641e7ade627792-LHR
x-proxy-cache
MISS
x-cache-hits
2
menus.json
owasp.org/www--site-theme/assets/sitedata/
6 KB
1 KB
XHR
General
Full URL
https://owasp.org/www--site-theme/assets/sitedata/menus.json
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
c9054d71a083c915d9e0be75338ebd6461ba0c564a63dd31e1056e6a98c405c3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://owasp.org/www-project-juice-shop/
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
18efc2b354d6a615675581d1f93603a053083097
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
61
cf-ray
6e641e7b5f837792-LHR
x-cache
HIT
content-encoding
br
vary
Accept-Encoding
x-served-by
cache-lcy19237-LCY
referrer-policy
same-origin
last-modified
Wed, 02 Mar 2022 23:20:44 GMT
server
cloudflare
x-github-request-id
B630:6610:50F43:529A9:6220F157
x-timer
S1646328826.150095,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"621ffbcc-16c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-origin
*
expires
Thu, 03 Mar 2022 16:58:12 GMT
cache-control
max-age=600
permissions-policy
geolocation=(self)
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-origin-cache
HIT
x-proxy-cache
HIT
x-cache-hits
1
events.yml
owasp.org/assets/sitedata/
6 KB
8 KB
XHR
General
Full URL
https://owasp.org/assets/sitedata/events.yml
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
72ef23cb244bd5392f5de6bafcdaeb384edd42df23cdf47dfdb003f652a323c3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
6de0ee1e6e61d409e444427c07bb32e4a2a9c665
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
61
cf-ray
6e641e7b5f857792-LHR
x-cache
HIT
vary
Accept-Encoding
x-served-by
cache-lcy19266-LCY
referrer-policy
same-origin
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
x-github-request-id
B7DC:68FD:5EA7B4:62EF0F:6220F168
x-timer
S1646328826.160704,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"62204f19-179e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/yaml
access-control-allow-origin
*
expires
Thu, 03 Mar 2022 16:58:40 GMT
cache-control
max-age=600
permissions-policy
geolocation=(self)
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
1
corp_members.yml
owasp.org/assets/sitedata/
81 KB
82 KB
XHR
General
Full URL
https://owasp.org/assets/sitedata/corp_members.yml
Requested by
Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
b5cc0d41c27de072245693dac6c82e080d3d2f8e8e6f7a73f5bfd91f448dfcfc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-fastly-request-id
a3f6a215e89cf3f8536c4293375b32db238a868c
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
61
cf-ray
6e641e7bb8807792-LHR
x-cache
HIT
vary
Accept-Encoding
x-served-by
cache-lcy19282-LCY
referrer-policy
same-origin
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
x-github-request-id
FF22:9FD0:5ABDAC:66A8E2:6220F157
x-timer
S1646328826.225106,VS0,VE1
x-frame-options
SAMEORIGIN
etag
W/"62204f19-145cc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/yaml
access-control-allow-origin
*
expires
Thu, 03 Mar 2022 16:58:23 GMT
cache-control
max-age=600
permissions-policy
geolocation=(self)
content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-origin-cache
HIT
x-proxy-cache
HIT
x-cache-hits
1
contrast_logo_rgb.png
owasp.org/assets/images/corp-member-logo/
74 KB
75 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/contrast_logo_rgb.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
fec084f5786c0a8718738f088745b13664eff7b553264ee615131abe2467b886
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
528
x-origin-cache
HIT
x-served-by
cache-lcy19252-LCY
referrer-policy
same-origin
x-github-request-id
7126:A80A:A86C8F:ADF2EA:62205063
x-timer
S1646287936.108421,VS0,VE0
x-frame-options
SAMEORIGIN
etag
"62204f19-128df"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
2
x-fastly-request-id
e536a7e76e450060ce4a3aa4d6752d8892dbfe5e
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
75999
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 16:58:47 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49ab7792-LHR
x-origin-processing-time
12.0000
x-proxy-cache
HIT
bionic_logo_1.png
owasp.org/assets/images/corp-member-logo/
13 KB
15 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/bionic_logo_1.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
3c36fbd29afc6794854a95aa9e707574da335377067d13bc8f4ee6c8fe7036d9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
235
x-origin-cache
HIT
x-served-by
cache-lcy19264-LCY
referrer-policy
same-origin
x-github-request-id
B576:E6FB:20B6075:21E1E39:6220503C
x-timer
S1646285314.718172,VS0,VE99
x-frame-options
SAMEORIGIN
etag
"62204f19-3538"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
08fa00f891b61b7e61d70b644c809a0de9033ae7
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
MISS
x-rs-changes-amount
url_is_excluded
content-length
13624
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:08 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49af7792-LHR
x-origin-processing-time
10.0000
x-proxy-cache
MISS
checkmarx.png
owasp.org/assets/images/corp-member-logo/
6 KB
6 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/checkmarx.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::ac43:a27, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
49d53e6675b016733f6182691c54abe1e0d2c0f4c979ba3ec75583f756b36548
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age
528
x-origin-cache
HIT
x-served-by
cache-lcy19227-LCY
referrer-policy
same-origin
x-github-request-id
08EE:A80A:A88717:AE0F52:6220513B
x-timer
S1646285115.996656,VS0,VE97
x-frame-options
SAMEORIGIN
etag
"62204f19-161a"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
46ee8a0da8c6a8c284c985e599646fefb6130950
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
MISS
x-rs-changes-amount
url_is_excluded
content-length
5658
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:08 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49b27792-LHR
x-origin-processing-time
9.0000
x-proxy-cache
MISS
f5_logo.png
owasp.org/assets/images/corp-member-logo/
23 KB
25 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/f5_logo.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
4de6f47161ded07dd11d72dd45306ea1a02e24108dc8c001225b2d934d74351a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

age
528
x-origin-cache
HIT
x-served-by
cache-lcy19231-LCY
referrer-policy
same-origin
x-github-request-id
9AFC:8877:24A8D67:260375F:6220503C
x-timer
S1646285115.992712,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f19-5b07"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
6d963901f31b930492198e75031a212ef49a3257
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
23303
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:58 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49b47792-LHR
x-origin-processing-time
8.0000
x-proxy-cache
HIT
code-dx.png
owasp.org/assets/images/corp-member-logo/
6 KB
6 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/code-dx.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
bafb68212a5c7b4208770d1059d760132556fce56d3adb1c362c9cdf547d9979
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-served-by
cache-lcy19232-LCY
referrer-policy
same-origin
x-github-request-id
18B2:45AB:4BB49E:4E1E9C:6220532F
x-timer
S1646287361.429375,VS0,VE99
x-frame-options
SAMEORIGIN
etag
"62204f19-1638"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
9ddc6c9f85ae89baf5990376255658157c84b770
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-powered-by
RankSense/CW
x-cache
MISS
content-length
5688
server
cloudflare
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
x-rs-changes-amount
url_is_excluded
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:10:15 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49b77792-LHR
x-origin-processing-time
35.0000
x-proxy-cache
MISS
real-ware.png
owasp.org/assets/images/corp-member-logo/
11 KB
11 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/real-ware.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
1a4316805c029149e4ceabe938deb21ff2c8fd75ac38d0e7736a7f2b4d7b0e46
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-origin-cache
HIT
x-served-by
cache-lcy19227-LCY
referrer-policy
same-origin
x-github-request-id
F2F6:E6FB:20C3E75:21F0813:622054F0
x-timer
S1646292287.178337,VS0,VE99
x-frame-options
SAMEORIGIN
etag
"62204f19-2bbe"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
0
x-fastly-request-id
85f3a7677fadc8293ede00f333fcc0e9d8a6aa78
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-powered-by
RankSense/CW
x-cache
MISS
x-rs-changes-amount
url_is_excluded
content-length
11198
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:02:48 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49b87792-LHR
x-origin-processing-time
146.0000
x-proxy-cache
MISS
fortify_logo_owasp.png
owasp.org/assets/images/corp-member-logo/
7 KB
7 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/fortify_logo_owasp.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
3c4f4ae1fa5555d51d8232941c6b752dc461e3874c40fe9918efb1efff15cf2a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

age
453
x-origin-cache
HIT
x-served-by
cache-lcy19268-LCY
referrer-policy
same-origin
x-github-request-id
0A98:9FD1:FFBA2E:10DC992:622051C8
x-timer
S1646287361.430727,VS0,VE1
x-frame-options
SAMEORIGIN
etag
"62204f19-1a48"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
6e838310b8825820d0cb81f32a307fd0dbc26c23
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
6728
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:40 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49ba7792-LHR
x-origin-processing-time
8.0000
x-proxy-cache
MISS
JustEat.png
owasp.org/assets/images/corp-member-logo/
83 KB
85 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/JustEat.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
1ff85706764ce44c96c95ef79e2499d80d3287d43cac3b24c176be4ae64f1ad4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-origin-cache
HIT
x-served-by
cache-lcy19256-LCY
referrer-policy
same-origin
x-github-request-id
7012:9FD1:1010A5F:10F3123:62205EA8
x-timer
S1646293471.680911,VS0,VE4
x-frame-options
SAMEORIGIN
etag
"62204f19-14d95"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
438ab06c6d1e5fd27d75e661882a0a1f4da5f9a6
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
85397
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:14:33 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49bf7792-LHR
x-origin-processing-time
17.0000
x-proxy-cache
MISS
adobe.png
owasp.org/assets/images/corp-member-logo/
12 KB
13 KB
Image
General
Full URL
https://owasp.org/assets/images/corp-member-logo/adobe.png
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / RankSense/CW
Resource Hash
548f890554c0a5560d2d2e66a85fb50efb7f07936deea7eb33d21af421acabdf
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://owasp.org/www-project-juice-shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-origin-cache
HIT
x-served-by
cache-lcy19222-LCY
referrer-policy
same-origin
x-github-request-id
EECA:B7ED:FC88C6:10AA074:6220503C
x-timer
S1646287941.289881,VS0,VE98
x-frame-options
SAMEORIGIN
etag
"62204f19-2ed8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
x-cache-hits
1
x-fastly-request-id
5b6e127af803a931230c31740855fbb85cd0b92b
x-rs-cf-app-version
1.0.45
date
Thu, 03 Mar 2022 17:33:46 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-powered-by
RankSense/CW
x-cache
HIT
x-rs-changes-amount
url_is_excluded
content-length
11992
last-modified
Thu, 03 Mar 2022 05:16:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
expires
Thu, 03 Mar 2022 17:00:08 GMT
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
6e641e7c49c17792-LHR
x-origin-processing-time
137.0000
x-proxy-cache
MISS
widget-5-a00da2730efc.js
widget.sndcdn.com/ Frame 6F2B
7 KB
3 KB
Script
General
Full URL
https://widget.sndcdn.com/widget-5-a00da2730efc.js
Requested by
Host: w.soundcloud.com
URL: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-82.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50d70e74df659cf2487deaa56f42a9ba4cb92958f2bb55876aecf00e04205e20

Request headers

Referer
https://w.soundcloud.com/
Origin
https://w.soundcloud.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 09:09:39 GMT
content-encoding
gzip
vary
Accept-Encoding
age
2708648
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 31 Jan 2022 09:01:01 GMT
server
AmazonS3
etag
W/"88d4f5f7c2d9360e5538b59464bbedb2"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
Ct53i.Q2jikr6tnDk2HcUYyEUgC059Ib
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
x-amz-cf-pop
FRA56-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
k-Khp_ch2K5OTgyzxd9_zCi0hvrdZ0hHSSgoHJGcJB9JTdbt1mB1tQ==
widget-8-eb5cb5076cb7.js
widget.sndcdn.com/ Frame 6F2B
2 KB
2 KB
Script
General
Full URL
https://widget.sndcdn.com/widget-8-eb5cb5076cb7.js
Requested by
Host: w.soundcloud.com
URL: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-82.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ed50f51cbc876ce5b84beabb56c7acf110353e7adc1d9cd85d16d2d05c442d30

Request headers

Referer
https://w.soundcloud.com/
Origin
https://w.soundcloud.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 15:10:35 GMT
content-encoding
gzip
vary
Accept-Encoding
age
94992
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 02 Mar 2022 15:06:04 GMT
server
AmazonS3
etag
W/"6682b58e5857fbcfc0d4044730b271bf"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
0P0TyDK1uPsDizxFc33ELE4f.o9tBxp_
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
x-amz-cf-pop
FRA56-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
OhkmR4Q8VdluRX4BwgMA57YqVfiLlPRoFViL2x5H4rNnggJ7vRAwzQ==
widget-9-ea6e198bf4df.js
widget.sndcdn.com/ Frame 6F2B
1 MB
310 KB
Script
General
Full URL
https://widget.sndcdn.com/widget-9-ea6e198bf4df.js
Requested by
Host: w.soundcloud.com
URL: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-82.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c144c68af56391c0c00b2d2bcefca6100978709f5eb5de4f4b930b6122f8efea

Request headers

Referer
https://w.soundcloud.com/
Origin
https://w.soundcloud.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 15:10:35 GMT
content-encoding
gzip
vary
Accept-Encoding
age
94992
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 02 Mar 2022 15:06:05 GMT
server
AmazonS3
etag
W/"d9cc29e654ac714a477646df9e8b1e84"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
169zPJAnj7XhJhIURe_y1iAp.XdEcfum
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
x-amz-cf-pop
FRA56-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
dmg1racEUDpvZVG-zHe2yqAUfspY2feybmGJecZiO8TKbF2aLkAINg==
24233689
api.github.com/repositories/
Redirect Chain
  • https://api.github.com/repos/bkimminich/juice-shop
  • https://api.github.com/repositories/24233689
7 KB
3 KB
XHR
General
Full URL
https://api.github.com/repositories/24233689
Requested by
Host: owasp.org
URL: https://owasp.org/www-project-juice-shop/
Protocol
H2
Server
140.82.121.6 , United States, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-6-fra.github.com
Software
GitHub.com /
Resource Hash
d4dfc246fb879a65ca4461df654f669f135a55550e4370ce28869871c50e6532
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 17:33:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-github-media-type
github.v3; format=json
strict-transport-security
max-age=31536000; includeSubdomains; preload
vary
Accept, Accept-Encoding, Accept, X-Requested-With
content-length
1563
x-xss-protection
0
x-ratelimit-used
3
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Thu, 03 Mar 2022 04:25:09 GMT
server
GitHub.com
x-github-request-id
AB44:9B20:1E0DE6A:1EAB2A0:6220FBFA
x-frame-options
deny
etag
W/"d6f7d749c14a221c49988edaad3d284e9ec65cf7a597eceebc4e33d8f3140688"
content-security-policy
default-src 'none'
x-ratelimit-remaining
57
x-ratelimit-resource
core
access-control-allow-origin
*
access-control-expose-headers
ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control
public, max-age=60, s-maxage=60
x-ratelimit-reset
1646330783
x-ratelimit-limit
60
accept-ranges
bytes
content-type
application/json; charset=utf-8

Redirect headers

date
Thu, 03 Mar 2022 17:33:32 GMT
x-content-type-options
nosniff
access-control-allow-origin
*
x-github-media-type
github.v3; format=json
x-ratelimit-limit
60
strict-transport-security
max-age=31536000; includeSubdomains; preload
vary
Accept-Encoding, Accept, X-Requested-With
content-length
163
x-xss-protection
0
x-ratelimit-used
2
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
AB44:9B20:1E0DE5B:1EAB290:6220FBFA
x-frame-options
deny
x-ratelimit-remaining
58
x-ratelimit-resource
core
location
https://api.github.com/repositories/24233689
access-control-expose-headers
ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
x-ratelimit-reset
1646330783
content-security-policy
default-src 'none'
content-type
application/json; charset=utf-8
232062-80072-837454-896836
api-widget.soundcloud.com/assignments/ Frame 6F2B
615 B
1 KB
XHR
General
Full URL
https://api-widget.soundcloud.com/assignments/232062-80072-837454-896836?layers=widget_listening&format=json&client_id=LBCcHmRB8XSStWL6wKH2HPACspQlXg2P&app_version=1646233543
Requested by
Host: widget.sndcdn.com
URL: https://widget.sndcdn.com/widget-9-ea6e198bf4df.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.104.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-104-52.fra56.r.cloudfront.net
Software
am/2 /
Resource Hash
7057df7121a58ef12735e552238010f9e10fa0ac94e45583cf45ae6807c71688
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://w.soundcloud.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Thu, 03 Mar 2022 17:33:46 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
X-Amz-Cf-Pop
FRA56-P5
X-Cache
Miss from cloudfront
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT
Connection
keep-alive
Vary
Origin
Content-Length
139
access-control-allow-origin
https://w.soundcloud.com
referrer-policy
no-referrer
Server
am/2
x-frame-options
DENY
access-control-max-age
1728000
strict-transport-security
max-age=63072000
Content-Type
application/json; charset=utf-8
Via
1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
access-control-expose-headers
Date
Cache-Control
private, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
Authorization, Content-Type, Device-Locale, X-CSRF-Token
X-Amz-Cf-Id
7Z9zSja1jZeioNVs2fEnkqSfXDzMmhW-hffBUJEqL0Uq8-qZKCqf6Q==
widget-0-ed848567cc38.js
widget.sndcdn.com/ Frame 6F2B
204 KB
57 KB
Script
General
Full URL
https://widget.sndcdn.com/widget-0-ed848567cc38.js
Requested by
Host: widget.sndcdn.com
URL: https://widget.sndcdn.com/widget-8-eb5cb5076cb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-82.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96bd12ec6ea8d8edae6fb1347d8cf86ed5363b0d798841d132e8d53a92989ef8

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://w.soundcloud.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 15:10:36 GMT
content-encoding
gzip
vary
Accept-Encoding
age
94991
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 02 Mar 2022 15:06:04 GMT
server
AmazonS3
etag
W/"3b58b624fbb17bd93cfe8a9ea24555d3"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
FfvDC6j_PUQY05oe9oHvOGHa5ws1CPQZ
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
x-amz-cf-pop
FRA56-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
2vAiDynm48nxSqiLq9_xfbs4w_n6wvvsTQJrciYpLfDtI6TLMSJq3A==
widget-1-af3512f78538.js
widget.sndcdn.com/ Frame 6F2B
20 KB
5 KB
Script
General
Full URL
https://widget.sndcdn.com/widget-1-af3512f78538.js
Requested by
Host: widget.sndcdn.com
URL: https://widget.sndcdn.com/widget-8-eb5cb5076cb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-82.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e658812abdb1848480c33ae9d1d2b258e275fa6c49cc5581b585c37ac1ff4542

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://w.soundcloud.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 09:05:57 GMT
content-encoding
gzip
vary
Accept-Encoding
age
2708870
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 31 Jan 2022 09:01:01 GMT
server
AmazonS3
etag
W/"12ba930fd6a974d5b9b667698d4f17fe"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
j8LtSOVfb8gyxCnuRtttCV6XxOJK_9Vl
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
x-amz-cf-pop
FRA56-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
roZSBHFdJfXN_L5mp_cVtjLd3724a0SvzgGTziZv8EiaK-FfgoC1ag==
resolve
api-widget.soundcloud.com/ Frame 6F2B
5 KB
3 KB
XHR
General
Full URL
https://api-widget.soundcloud.com/resolve?url=https%3A//api.soundcloud.com/tracks/771984076&format=json&client_id=LBCcHmRB8XSStWL6wKH2HPACspQlXg2P&app_version=1646233543
Requested by
Host: widget.sndcdn.com
URL: https://widget.sndcdn.com/widget-9-ea6e198bf4df.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.104.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-104-52.fra56.r.cloudfront.net
Software
am/2 /
Resource Hash
8faf9ea4dc646016ae98514e7edc3bceea4d8150c8a7ed17741b292461ebae70
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://w.soundcloud.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Thu, 03 Mar 2022 17:33:47 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
X-Amz-Cf-Pop
FRA56-P5
X-Cache
Miss from cloudfront
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT
Connection
keep-alive
Vary
Origin
Content-Length
2044
access-control-allow-origin
https://w.soundcloud.com
referrer-policy
no-referrer
Server
am/2
x-frame-options
DENY
access-control-max-age
1728000
strict-transport-security
max-age=63072000
Content-Type
application/json; charset=utf-8
Via
1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
access-control-expose-headers
Date
Cache-Control
private, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
access-control-allow-headers
Authorization, Content-Type, Device-Locale, X-CSRF-Token
X-Amz-Cf-Id
loTimN0P2v--VcYJHGlm544eNd67kvvBkoyXIKsd2N8EKuWHlDH1nw==
DeeX9IhOZdLr_m.json
wave.sndcdn.com/ Frame 6F2B
7 KB
3 KB
XHR
General
Full URL
https://wave.sndcdn.com/DeeX9IhOZdLr_m.json
Requested by
Host: widget.sndcdn.com
URL: https://widget.sndcdn.com/widget-9-ea6e198bf4df.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-70.fra56.r.cloudfront.net
Software
/
Resource Hash
c282738b24b1a946910bbe6f5d560731eddd2f75e604906ed021f318008d1e01

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://w.soundcloud.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 06:39:46 GMT
Content-Encoding
gzip
Connection
keep-alive
Age
15850441
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=155520000
X-Cache
Hit from cloudfront
X-Amz-Cf-Pop
FRA56-P5
Access-Control-Allow-Headers
Accept, Accept-Encoding, Authorization, Content-Type, Origin
Content-Length
2088
Via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
X-Amz-Cf-Id
tJO-NuVlmvv2AcleZqm8TQnto1gWbtEbQKyvSvokysnQG_2JktFUwA==

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| structuredClone
object| oncontextlost
object| oncontextrestored
object| CloudflareApps
function| Cookies
function| handleOutboundLinkClicks
function| $
function| jQuery
function| YAML
object| luxon
function| kjua
object| events
object| members
object| plat_indices
object| gold_indices
object| other_indices
function| get_next_member
object| banneryaml
object| popyaml
string| url
object| eventsyml
string| e
string| evnt
object| member
number| chosenIndex
number| pIndex
number| cycleIndex
object| google_tag_data
function| ga
object| gaplugins

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
