urlscan.io logo urlscan.io
SecurityTrails logo

cloud.google.com Open in urlscan Pro
2a00:1450:4001:82f::200e  Public Scan

Go To Rescan Add Verdict Report
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Submission: On October 17 via manual from MX — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 2a00:1450:4001:82f::200e, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is cloud.google.com. The Cisco Umbrella rank of the primary domain is 10014.
TLS certificate: Issued by GTS CA 1C3 on September 12th 2022. Valid for: 3 months.
This is the only time cloud.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

10    2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cloud.google.com
www.google-analytics.com
2    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:400a:800::2014 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)
gweb-cloudblog-slim.appspot.com
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:400a:800::2010 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)
storage.googleapis.com
2    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
Apex Domain
Subdomains		 Transfer
8 google.com
cloud.google.com — Cisco Umbrella Rank: 10014
326 KB
4 gstatic.com
www.gstatic.com
fonts.gstatic.com
203 KB
3 appspot.com
gweb-cloudblog-slim.appspot.com
37 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
storage.googleapis.com — Cisco Umbrella Rank: 403
117 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
18 KB
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 96
53 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
85 KB
21 7
Domain Requested by
8 cloud.google.com 3 redirects cloud.google.com
3 fonts.gstatic.com fonts.googleapis.com
3 gweb-cloudblog-slim.appspot.com cloud.google.com
2 www.google-analytics.com www.googletagmanager.com
cloud.google.com
2 www.youtube.com cloud.google.com
www.youtube.com
2 www.googletagmanager.com cloud.google.com
2 fonts.googleapis.com cloud.google.com
1 storage.googleapis.com cloud.google.com
1 www.gstatic.com cloud.google.com
21 9
Subject Issuer Validity Valid
*.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
storage.googleapis.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Frame ID: B95358A0B365ECE369ACB9F91C0B509D
Requests: 20 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-5CVQBG
Frame ID: 68DE13BACDB1C8465C81B9B2E4AB233F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

How HBO uses reCAPTCHA Enterprise to secure signup | Google Cloud Blog

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Page Statistics

21
Requests

86 %
HTTPS

100 %
IPv6

7
Domains

9
Subdomains

8
IPs

2
Countries

839 kB
Transfer

2584 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://cloud.google.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css HTTP 301
  • https://gweb-cloudblog-slim.appspot.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css
Request Chain 5
  • https://cloud.google.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js HTTP 301
  • https://gweb-cloudblog-slim.appspot.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
Request Chain 15
  • https://cloud.google.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js HTTP 301
  • https://gweb-cloudblog-slim.appspot.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request how-hbo-uses-recaptcha-enterprise-to-secure-signup
cloud.google.com/blog/products/identity-security/ 		409 KB
61 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cc351fb3e19d820b8a165109ece9bc31f26549a6397e0ba5d9e69b5c92bb8ec4
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-DCpjhWlLHG' 'strict-dynamic' 'unsafe-inline' 'sha256-QDxbKNlckyq6naTdIr80nD/eM6FoN3Jh+oR3KmUzMoo=' 'sha256-0XGt1KsB2AywluAQlfaegO1NTNBQ1dnVYzumCtw23fo=' 'sha256-IWMypbTLhqfyn2HyoPUV3soECgBZ3jiUruk+eWuuekI=' https: http:; object-src 'none'; base-uri 'self'
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache
content-encoding
gzip
content-length
61788
content-security-policy
script-src 'nonce-DCpjhWlLHG' 'strict-dynamic' 'unsafe-inline' 'sha256-QDxbKNlckyq6naTdIr80nD/eM6FoN3Jh+oR3KmUzMoo=' 'sha256-0XGt1KsB2AywluAQlfaegO1NTNBQ1dnVYzumCtw23fo=' 'sha256-IWMypbTLhqfyn2HyoPUV3soECgBZ3jiUruk+eWuuekI=' https: http:; object-src 'none'; base-uri 'self'
content-type
text/html; charset=UTF-8
date
Mon, 17 Oct 2022 18:50:11 GMT
server
Google Frontend
strict-transport-security
max-age=2592000; includeSubdomains
vary
Accept-Encoding
x-cloud-trace-context
e46e9496f1a24df6bbeaeb95320365f6
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		19 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:100,200,300,400,500,700|Product+Sans:400&lang=en
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d1c645d90fd0a27a06431de13b2edc67037886c055c6ffc2a8a3f53c4fce34e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Oct 2022 18:50:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 17 Oct 2022 18:50:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Oct 2022 18:50:11 GMT
gtm.js
www.googletagmanager.com/ 		407 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e8123d1be78adc40d71208dc5c6b4658d801d24bc661f92e36d16b1ac1ac78b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:50:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86609
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 17 Oct 2022 18:50:11 GMT
icon
fonts.googleapis.com/ 		569 B
869 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Oct 2022 18:50:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 17 Oct 2022 18:50:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Oct 2022 18:50:11 GMT
styles.72b6c4c341ca0efdc8ec.bundle.css
gweb-cloudblog-slim.appspot.com/blog/static/
Redirect Chain
  • https://cloud.google.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css
  • https://gweb-cloudblog-slim.appspot.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css
48 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gweb-cloudblog-slim.appspot.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Server
2a00:1450:400a:800::2014 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
b6c1a92c6de8cdea5dbcaa5ee89c6cdff725bc8910bc8a0a827688f7d633166e
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:43:22 GMT
content-encoding
gzip
age
409
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8727
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
text/css
x-cloud-trace-context
6045a24636b982265ff878a3d6dc33c1
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:53:22 GMT

Redirect headers

pragma
no-cache
date
Mon, 17 Oct 2022 18:50:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/binary
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
location
https://gweb-cloudblog-slim.appspot.com/blog/static/styles.72b6c4c341ca0efdc8ec.bundle.css
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
lazy.min.js
www.gstatic.com/feedback/js/help/prod/service/ 		93 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0497580c0f85040290ae99e47be3abe53706b287ca7082d336dbad5192cad304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:40:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33909
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 17:17:04 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="product-feedback-gathering"
vary
Accept-Encoding, Origin
report-to
{"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Mon, 17 Oct 2022 19:30:41 GMT
inline.d05ce0316e0118e75a4b.bundle.js
gweb-cloudblog-slim.appspot.com/blog/static/
Redirect Chain
  • https://cloud.google.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
  • https://gweb-cloudblog-slim.appspot.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gweb-cloudblog-slim.appspot.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H3
Server
2a00:1450:400a:800::2014 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
f25e308b77cb1766e8e126d1ea8b566789d148a75c4feb923d5ed167c58e0311
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:49:56 GMT
content-encoding
gzip
age
15
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1031
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
application/javascript
x-cloud-trace-context
988d926b1e002ccdf05b786baa4e6a65
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:59:56 GMT

Redirect headers

pragma
no-cache
date
Mon, 17 Oct 2022 18:50:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/binary
location
https://gweb-cloudblog-slim.appspot.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
polyfills.d3ef375ee274a261a86f.bundle.js
cloud.google.com/blog/static/ 		63 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.google.com/blog/static/polyfills.d3ef375ee274a261a86f.bundle.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
536de2dfd50f5d877ecfe8330a53622977f57eddbb076ea5cc678a38612a8d02
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:45:50 GMT
content-encoding
gzip
age
261
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24774
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
application/javascript
x-cloud-trace-context
bde3e899712ae0e203046e69629fa94e
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:55:50 GMT
main.00c17825de787acb6c35.bundle.js
cloud.google.com/blog/static/ 		885 KB
234 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.google.com/blog/static/main.00c17825de787acb6c35.bundle.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
9333768883e8f192782a1a36ea083bf7c86efbbb33bcb04d276f05ddd4ce6860
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:43:37 GMT
content-encoding
gzip
age
394
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
239549
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
application/javascript
x-cloud-trace-context
296d4e0e812393cee84a96741777af7a
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:53:37 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:100,200,300,400,500,700|Product+Sans:400&lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cloud.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 08:44:44 GMT
x-content-type-options
nosniff
age
468327
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28288
x-xss-protection
0
last-modified
Wed, 01 Jun 2022 19:05:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 Oct 2023 08:44:44 GMT
reCAPTCHA.jpg
storage.googleapis.com/gweb-cloudblog-publish/original_images/ 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://storage.googleapis.com/gweb-cloudblog-publish/original_images/reCAPTCHA.jpg
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400a:800::2010 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
11f23e889ec9fa785c73728ab54df7d657804f952ba9e29b6a64f3a588beb603

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:50:11 GMT
x-guploader-uploadid
ADPycdvgLC9JdvwSmYFZ7lUG13NJqyKm7uZ5xLLqTKoHwvzmZC8pSwrKmNTUFxfe6LskYRjjJ3nUERIfY1oZVprMLNbgYA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116739
last-modified
Thu, 07 May 2020 02:22:36 GMT
server
UploadServer
etag
"2473654d4d41b17e48d77366ebfee1fd"
x-goog-generation
1588818156451603
content-type
image/jpeg
x-goog-hash
crc32c=2KowTg==, md5=JHNlTU1BsX5I13Nm6/7h/Q==
cache-control
public, max-age: 604800
x-goog-stored-content-length
116739
accept-ranges
bytes
expires
Tue, 17 Oct 2023 18:50:11 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v139/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cloud.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 20:32:16 GMT
x-content-type-options
nosniff
age
339475
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128352
x-xss-protection
0
last-modified
Thu, 25 Aug 2022 00:26:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Oct 2023 20:32:16 GMT
ns.html
www.googletagmanager.com/ Frame 68DE 		266 B
114 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/ns.html?id=GTM-5CVQBG
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/static/main.00c17825de787acb6c35.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cloud.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-length
92
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 17 Oct 2022 18:50:11 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-xss-protection
0
iframe_api
www.youtube.com/ 		992 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/static/main.00c17825de787acb6c35.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
afb565bd3ab9d35050ad68dc0b0c0982e9978a4a135bafaf7e4a8d733a348c32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:50:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Mon, 17 Oct 2022 18:50:11 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:100,200,300,400,500,700|Product+Sans:400&lang=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cloud.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 13:14:53 GMT
x-content-type-options
nosniff
age
279318
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Oct 2023 13:14:53 GMT
common.524dc8617c08f30be0eb.chunk.js
cloud.google.com/blog/static/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.google.com/blog/static/common.524dc8617c08f30be0eb.chunk.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/static/inline.d05ce0316e0118e75a4b.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
9cc5202a04836f2efe8c9ab311c6ab3b0f1dbef155f2d4920e2fd28ff79fe974
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:43:22 GMT
content-encoding
gzip
age
409
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
application/javascript
x-cloud-trace-context
145d4892a3901caaebba1faf910cb58f
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:53:22 GMT
article-page.module.6c06fe6f5f61c20366ed.chunk.js
gweb-cloudblog-slim.appspot.com/blog/static/
Redirect Chain
  • https://cloud.google.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js
  • https://gweb-cloudblog-slim.appspot.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js
147 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gweb-cloudblog-slim.appspot.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H3
Server
2a00:1450:400a:800::2014 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
d67de6081d6a015179040213714a31e9adf31bc23beb18b9480b4386ebf4d5c4
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/feedback/;
strict-transport-security
max-age=2592000; includeSubdomains
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 18:41:15 GMT
content-encoding
gzip
age
536
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27476
x-xss-protection
1; mode=block
server
Google Frontend
etag
"MtRPvA"
x-frame-options
DENY
content-type
application/javascript
x-cloud-trace-context
d36c70a113242fa09288ac7bc9769b24
cache-control
public, max-age=600
expires
Mon, 17 Oct 2022 18:51:15 GMT

Redirect headers

pragma
no-cache
date
Mon, 17 Oct 2022 18:50:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/binary
location
https://gweb-cloudblog-slim.appspot.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/internal/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/internal/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
68481114478cbd5c95b6d7e9b1f42c2a434e5e816748e64270ca91987e3540a5
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 17 Oct 2022 17:21:30 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
5321
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18411
expires
Mon, 17 Oct 2022 19:21:30 GMT
collect
www.google-analytics.com/internal/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/internal/collect?v=1&_v=j98&a=190685816&t=pageview&_s=1&dl=https%3A%2F%2Fcloud.google.com%2Fblog%2Fproducts%2Fidentity-security%2Fhow-hbo-uses-recaptcha-enterprise-to-secure-signup&dp=%2Fblog%2Fproducts%2Fidentity-security%2Fhow-hbo-uses-recaptcha-enterprise-to-secure-signup&ul=en-us&de=UTF-8&dt=How%20HBO%20uses%20reCAPTCHA%20Enterprise%20to%20secure%20signup%20%7C%20Google%20Cloud%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QGBACEABDAAAAAgBY~&cid=301604172.1666032612&tid=UA-36037335-1&gtm=2wgaa05CVQBG&cd1=&cd2=&cd4=&cd14=GTM-5CVQBG%3A472&cd15=%2Fblog%2Fproducts%2Fidentity-security%2Fhow-hbo-uses-recaptcha-enterprise-to-secure-signup&cd16=(not%20set)&cd17=(not%20set)&cd22=(not%20set)&cd32=(not%20set)&cd34=(not%20set)&cd38=Randy%20Gingeleski&cd39=Identity%20%26%20Security%2C%20Google%20Cloud&cd42=not%20set&cd47=2021-06-23%2008%3A06%3A08&cd48=How%20HBO%20Max%20uses%20reCAPTCHA%20Enterprise%20to%20make%20its%20customer%20experience%20frictionless&cd49=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F106.0.5249.119%20Safari%2F537.36&cd57=2021-06-23%2008%3A06%3A08&cd58=Senior%20Staff%20Security%20Engineer%20for%20HBO%20Max&cd64=(not%20set)&z=1519709737
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Oct 2022 17:29:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
4816
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
www-widgetapi.js
www.youtube.com/s/player/1f77e565/www-widgetapi.vflset/ 		157 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/1f77e565/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfc183a3b8afd5ba661c8f21b7dc87b22b2b7b6266b10a238334777964d9efcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:18:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
1877
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52749
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 00:21:58 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 17 Oct 2023 18:18:54 GMT
hats-survey-handler.min.js
cloud.google.com/blog/static/assets/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.google.com/blog/static/assets/hats-survey-handler.min.js?locale=en-US
Requested by
Host: cloud.google.com
URL: https://cloud.google.com/blog/static/article-page.module.6c06fe6f5f61c20366ed.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WwTor_f4PVbhzFrWJDjaIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /blog/_/TransformBlogHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /blog/_/TransformBlogHttp/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Oct 2022 18:50:11 GMT
content-security-policy
script-src 'report-sample' 'nonce-WwTor_f4PVbhzFrWJDjaIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /blog/_/TransformBlogHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /blog/_/TransformBlogHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| dataLayer object| Modernizr object| google_tag_manager object| google_tag_data object| help object| hgb object| userfeedback function| webpackJsonp object| core object| __core-js_shared__ function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| ngDevMode object| ng object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__scrollfalse object| __zone_symbol__resizefalse object| __zone_symbol__focusfalse object| __zone_symbol__orientationchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| onYouTubeIframeAPIReady object| __zone_symbol__clickfalse string| GoogleAnalyticsObject function| _ga object| gaplugins object| gaGlobal object| gaData object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| __zone_symbol__testfalse object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportGELQueue_ object| ytLoggingTransportGELProtoQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

4 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=gJJI4RK3fh5wrdZzaH45ELC0UnWdQmI_L5jOq8fBZ4Hk07w02S9ZFKyZj8dJou_ltl9q0RI-mUAPGXmm_-FJiQBZ4Vin8mbVvGq3TcPAoQs-Ve2lp5RE6DvOkyXoUMR-NpT5ofS2TIE6eaT48CzdGONb7JtsEskBYxfLctAXGeg
.cloud.google.com/ Name: _ga
Value: GA1.3.301604172.1666032612
.youtube.com/ Name: YSC
Value: 98wHg8YVf3o
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 99YIH-It5kQ

2 Console Messages

Source Level URL
Text
network error URL: https://cloud.google.com/blog/static/assets/hats-survey-handler.min.js?locale=en-US
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://cloud.google.com/blog/products/identity-security/how-hbo-uses-recaptcha-enterprise-to-secure-signup
Message:
Refused to execute script from 'https://cloud.google.com/blog/static/assets/hats-survey-handler.min.js?locale=en-US' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'nonce-DCpjhWlLHG' 'strict-dynamic' 'unsafe-inline' 'sha256-QDxbKNlckyq6naTdIr80nD/eM6FoN3Jh+oR3KmUzMoo=' 'sha256-0XGt1KsB2AywluAQlfaegO1NTNBQ1dnVYzumCtw23fo=' 'sha256-IWMypbTLhqfyn2HyoPUV3soECgBZ3jiUruk+eWuuekI=' https: http:; object-src 'none'; base-uri 'self'
Strict-Transport-Security max-age=2592000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.google.com
fonts.googleapis.com
fonts.gstatic.com
gweb-cloudblog-slim.appspot.com
storage.googleapis.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
2a00:1450:4001:806::200a
2a00:1450:4001:809::2003
2a00:1450:4001:809::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:810::200e
2a00:1450:4001:82f::200e
2a00:1450:400a:800::2010
2a00:1450:400a:800::2014
0497580c0f85040290ae99e47be3abe53706b287ca7082d336dbad5192cad304
11f23e889ec9fa785c73728ab54df7d657804f952ba9e29b6a64f3a588beb603
1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
536de2dfd50f5d877ecfe8330a53622977f57eddbb076ea5cc678a38612a8d02
68481114478cbd5c95b6d7e9b1f42c2a434e5e816748e64270ca91987e3540a5
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9333768883e8f192782a1a36ea083bf7c86efbbb33bcb04d276f05ddd4ce6860
9cc5202a04836f2efe8c9ab311c6ab3b0f1dbef155f2d4920e2fd28ff79fe974
afb565bd3ab9d35050ad68dc0b0c0982e9978a4a135bafaf7e4a8d733a348c32
b6c1a92c6de8cdea5dbcaa5ee89c6cdff725bc8910bc8a0a827688f7d633166e
cc351fb3e19d820b8a165109ece9bc31f26549a6397e0ba5d9e69b5c92bb8ec4
cfc183a3b8afd5ba661c8f21b7dc87b22b2b7b6266b10a238334777964d9efcf
d1c645d90fd0a27a06431de13b2edc67037886c055c6ffc2a8a3f53c4fce34e7
d67de6081d6a015179040213714a31e9adf31bc23beb18b9480b4386ebf4d5c4
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
e8123d1be78adc40d71208dc5c6b4658d801d24bc661f92e36d16b1ac1ac78b9
f25e308b77cb1766e8e126d1ea8b566789d148a75c4feb923d5ed167c58e0311
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615