urlscan.io logo urlscan.io
SecurityTrails logo

www.bahn.de Open in urlscan Pro
2a02:26f0:480:d::210:f148  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dokioav.kvk-kreuger.de/cpwmcpzccjx
Effective URL: https://www.bahn.de/
Submission: On December 17 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 100 HTTP transactions. The main IP is 2a02:26f0:480:d::210:f148, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1 Akamai International B.V., NL. The main domain is www.bahn.de. The Cisco Umbrella rank of the primary domain is 52195.
TLS certificate: Issued by R10 on November 6th 2024. Valid for: 3 months.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.161.243 13335 (CLOUDFLAR...)
72 2a02:26f0:480... 20940 (AKAMAI-AS...)
19 2a02:26f0:480... 20940 (AKAMAI-AS...)
1 2 2a02:26f0:350... 20940 (AKAMAI-AS...)
4 2a02:26f0:480... 20940 (AKAMAI-AS...)
1 1 213.202.235.8 24961 (MYLOC-AS ...)
1 2a02:6ea0:c70... 60068 (CDN77 Dat...)
1 2600:9000:206... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
100 8
1    172.67.161.243 (United States)

ASN13335 (CLOUDFLARENET, US)
dokioav.kvk-kreuger.de
72    2a02:26f0:480:d::210:f148 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
www.bahn.de
cms.static-bahn.de
19    2a02:26f0:480:22::1726:62f1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
assets.static-bahn.de
2    2a02:26f0:3500:18::1724:a298 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
accounts.bahn.de
4    2a02:26f0:480:d::210:f145 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
p11.techlab-cdn.com
1    213.202.235.8 (Germany)

ASN24961 (MYLOC-AS WIIT AG, DE)
at.bahn.de
1    2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 Datacamp Limited, GB)
cdn-at.bahn.de
1    2600:9000:206f:e600:1b:1f8f:6780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ucm-eu.verint-cdn.com
1    2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.optimizely.com
Apex Domain
Subdomains		 Transfer
69 bahn.de
www.bahn.de — Cisco Umbrella Rank: 52195
accounts.bahn.de — Cisco Umbrella Rank: 83813
at.bahn.de — Cisco Umbrella Rank: 88618
cdn-at.bahn.de — Cisco Umbrella Rank: 272568
1007 KB
26 static-bahn.de
assets.static-bahn.de — Cisco Umbrella Rank: 109150
cms.static-bahn.de — Cisco Umbrella Rank: 129791
732 KB
4 techlab-cdn.com
p11.techlab-cdn.com — Cisco Umbrella Rank: 3735
59 KB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1024
2 KB
1 verint-cdn.com
ucm-eu.verint-cdn.com — Cisco Umbrella Rank: 70716
19 KB
1 kvk-kreuger.de
dokioav.kvk-kreuger.de
712 B
100 6
Domain Requested by
65 www.bahn.de www.bahn.de
cms.static-bahn.de
19 assets.static-bahn.de www.bahn.de
7 cms.static-bahn.de www.bahn.de
cms.static-bahn.de
4 p11.techlab-cdn.com www.bahn.de
2 accounts.bahn.de 1 redirects www.bahn.de
1 cdn.optimizely.com www.bahn.de
1 ucm-eu.verint-cdn.com cms.static-bahn.de
1 cdn-at.bahn.de www.bahn.de
1 at.bahn.de 1 redirects
1 dokioav.kvk-kreuger.de 1 redirects
100 10
Subject Issuer Validity Valid
www.bahn.de
R10		 2024-11-06 -
2025-02-04		 3 months crt.sh
subsites.bahn.de
R11		 2024-11-27 -
2025-02-25		 3 months crt.sh
p11.techlab-cdn.com
R10		 2024-11-13 -
2025-02-11		 3 months crt.sh
verint-cdn.com
Amazon RSA 2048 M03		 2024-06-06 -
2025-07-06		 a year crt.sh
cdn.optimizely.com
WE1		 2024-10-21 -
2025-01-19		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.bahn.de/
Frame ID: AEAE1B5B205193F41359332D73110F88
Requests: 104 HTTP requests in this frame

Frame: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Frame ID: E23BA5E84752322BDD7704382843862C
Requests: 9 HTTP requests in this frame

Frame: https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
Frame ID: 6F417BE905A72598BF09C4A88CC670EB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DB Fahrplan, Auskunft, Tickets, informieren und buchen - Deutsche Bahn

Page URL History Show full URLs

  1. http://dokioav.kvk-kreuger.de/cpwmcpzccjx HTTP 307
    https://dokioav.kvk-kreuger.de/cpwmcpzccjx HTTP 301
    https://www.bahn.de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • vue[.-]([\d.]*\d)[^/]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

100
Requests

98 %
HTTPS

78 %
IPv6

6
Domains

10
Subdomains

8
IPs

2
Countries

1944 kB
Transfer

4269 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dokioav.kvk-kreuger.de/cpwmcpzccjx HTTP 307
    https://dokioav.kvk-kreuger.de/cpwmcpzccjx HTTP 301
    https://www.bahn.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87
  • https://at.bahn.de/ccrm HTTP 302
  • https://cdn-at.bahn.de/1x1.gif
Request Chain 93
  • https://accounts.bahn.de/auth/realms/db/protocol/openid-connect/auth?redirect_uri=https%3A%2F%2Fwww.bahn.de%2F.resources%2Fbahn-common-light%2Fwebresources%2Fassets%2Fhtml%2Fauth.v1.html&client_id=kf_web&response_type=code&state=9E4xJAFNPP&scope=openid%20vendo&response_mode=fragment&prompt=none&code_challenge=8VA8uI4VOtY6u1PTeajtS6IPYz0oTMxjLkQ0U4hfyQA&code_challenge_method=S256 HTTP 302
  • https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html

100 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bahn.de/
Redirect Chain
  • http://dokioav.kvk-kreuger.de/cpwmcpzccjx
  • https://dokioav.kvk-kreuger.de/cpwmcpzccjx
  • https://www.bahn.de/
64 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
ec7662f145b14d83d447479c11e54008c6b3018bac093b4ac2f2d3388560f215
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=73
content-encoding
gzip
content-length
13644
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-type
text/html;charset=UTF-8
date
Tue, 17 Dec 2024 14:07:58 GMT
expires
Tue, 17 Dec 2024 14:09:11 GMT
server-timing
intid;desc=5c71ea6c0c9e6e4b
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mTOE,1
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-ray
8f377b82d81ddb06-FRA
content-length
167
content-type
text/html
date
Tue, 17 Dec 2024 14:07:57 GMT
expires
Tue, 17 Dec 2024 15:07:57 GMT
location
https://www.bahn.de/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jpWsC0RuS7VJEyDSzCgvs%2FxHIrbVnBNcSx%2BglKOz3rsRiZJJaDAlXmFnY6%2Br3nWnYteFkVc1ss7JzkKZBUC9EJUwYg0Bl2yhwqh7c8eTn8DErE%2FBtn2KE3KYBskyKaSOLXtNHlFsP%2FW3"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=17200&min_rtt=17002&rtt_var=6772&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4154&recv_bytes=4367&delivery_rate=166910&cwnd=12000&unsent_bytes=0&cid=b1cf6f766a6328ff&ts=36&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
asyncServices-91cbb27b.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		350 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/asyncServices-91cbb27b.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
46ce05d42c0ace6157a2a88e54fee3c5de0527ba259f3964c650f4c0b8114e9c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=c9ff20c87e2dbd79
content-length
219
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 28 Mar 2024 09:15:49 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
auth-88794bbc.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		140 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-88794bbc.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
393d2314006bd812564c2c756e1603ae51b6bb091102b6df9af74810c93de0a4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=be87c84ee82ccd99
access-control-allow-origin
*
content-length
40020
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
main-1e3bb9a1.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		247 KB
144 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/main-1e3bb9a1.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
1e3bb9a127ff1d24a72eed1ef82992f1eb50447d3876960dfa17c95dd43ca14d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=43583f0015867bb1
content-length
145089
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 04 Dec 2024 16:41:30 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
link-list-39a8afd2.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		1 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/link-list-39a8afd2.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
39a8afd2ac324ec8f3be4b639ff479708afe857427c8dbf74f9f62d553791bf2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=7cb5a2c4c7c45195
content-length
302
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 20 Mar 2024 09:47:30 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
slider-6c059aba.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		9 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/slider-6c059aba.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
6c059abac5c683fe35dfd4a055e7e285eae8047dca3b771ce565316db2fadc12
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=8187329a6c8d4e1f
content-length
1530
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
teaser-slider-92c83c47.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		18 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/teaser-slider-92c83c47.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
92c83c47df93cddd85943d22351e61d3cf969bbe15df1b9c10ca2be26d362d86
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=894f5e147f547945
content-length
2598
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 27 Nov 2024 11:54:35 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
content-teaser-208bbc26.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		5 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/content-teaser-208bbc26.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
208bbc2656308c9781171f668ea799664d72a7114e6384f658cb74c56dd04cf7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=6b792b9280ab02db
content-length
1472
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
teaser-block-f63e965a.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		4 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/teaser-block-f63e965a.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
f63e965aba1ae9858d79ea3319493a85f248e7a72e73a4d147fd33c21fe0d0ed
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=6e5cc25a121f0d33
content-length
950
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 26 Jun 2024 16:04:07 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
highlight-icon-ebd2c53d.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		29 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/highlight-icon-ebd2c53d.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
ebd2c53dc1e1739c079620657c5ac09d27d9772bb325b972d1db0f354774fb19
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=07f8db88627edd7b
content-length
8408
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 29 Jan 2024 21:43:25 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
anchor-element-cc5cab06.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		36 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/anchor-element-cc5cab06.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
cc5cab063183f0ea52ac3cae7d7df192d2e38df2708495cdad2f5bde6b8e8963
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=2adbfff1a9142957
content-length
56
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 29 Jan 2024 21:43:25 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
stage-marketing-6ac56411.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/stage-marketing-6ac56411.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
6ac56411cfcf674281828df96b51490734f0162f5ad70fe86f7c4561ec017edf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=e59c3022eccff845
content-length
827
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 30 Sep 2024 02:57:18 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
web-quickfinder-24c65c2d.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		423 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/web-quickfinder-24c65c2d.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
24c65c2dbfc27da0d27761de40f96cdfe1fd531c373ae33f3e3ff8ea2787477f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=536184218744ae37
content-length
179
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 30 Sep 2024 02:57:18 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
alert-51999932.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/alert-51999932.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
51999932ea5c6703232e232988f7330051066e77797f9b9ce809667ef4d70342
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=f15ae2a268923a07
content-length
1142
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Tue, 10 Sep 2024 08:34:36 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
reactive-teaser-f36589c9.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		5 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/reactive-teaser-f36589c9.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
f36589c9357911ed6452b13ce02f69d07536e72775dcbe18af3ceef2abfe492d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=f4d55fc83f685b05
content-length
1485
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 06 Nov 2024 08:57:14 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
co2-uhr-0cfa99ba.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		8 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/co2-uhr-0cfa99ba.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
0cfa99ba59d798bbc7d45c39c1922a7c97c33a5c1622bf4e00f07a9a5b53f49c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=d647281ab7614797
content-length
1567
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
business-41c422ec.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/business-41c422ec.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
41c422ec3dc03f0a5b4555956950a8f66b1d19b286b62d0f77f89da21882ab1a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=1d9fe3072426d43b
content-length
1034
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 30 Sep 2024 02:57:18 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
db-logo.svg
assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/ 		828 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/db-logo.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=6a8103f37ef3a13f
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="db-logo.svg"
vary
Accept-Encoding
last-modified
Mon, 06 May 2024 11:38:03 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
480
x-xss-protection
1; mode=block
179099-242764.jpg
assets.static-bahn.de/.imaging/focalpoint/1280x440/dam/jcr:21bd20bd-e313-4651-bdcc-15bb47a5828b/ 		30 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/1280x440/dam/jcr:21bd20bd-e313-4651-bdcc-15bb47a5828b/179099-242764.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
796124f8b99c13c9beb3168b903c8511ed3e3e4c8cd1f1b79329dd62e1a964d1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=2585647
expires
Thu, 16 Jan 2025 12:22:05 GMT
access-control-allow-origin
https://www.bahn.de
content-length
30438
date
Tue, 17 Dec 2024 14:07:58 GMT
last-modified
Tue, 17 Dec 2024 12:22:07 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
quickfinder.DYRQFYJ-.js
www.bahn.de/web/assets/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/assets/quickfinder.DYRQFYJ-.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
46bf6b3e617cc5071b622620f70e54801a5333151f5c1feb3608e6616f9aa9f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src data:; img-src data:;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'none'; font-src data:; img-src data:;
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-content-type-options
nosniff
server-timing
intid;desc=c1dd4552e48f8647, intid;desc=c1dd4552e48f8647
content-length
2072
date
Tue, 17 Dec 2024 14:07:58 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=utf-8
last-modified
Tue, 10 Dec 2024 15:51:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
vendor-stable.ospwdBB_.js
www.bahn.de/web/assets/ 		131 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/assets/vendor-stable.ospwdBB_.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
0fd01a7b38caaa55834c8c8946a170b145895849ec1e11428b40ad40390c66ee
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src data:; img-src data:;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'none'; font-src data:; img-src data:;
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-content-type-options
nosniff
server-timing
intid;desc=0d6b69618b571799, intid;desc=0d6b69618b571799
content-length
51879
date
Tue, 17 Dec 2024 14:07:58 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=utf-8
last-modified
Mon, 09 Dec 2024 09:25:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
superviseAssetLoading.BO9mhUcb.js
www.bahn.de/web/assets/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/assets/superviseAssetLoading.BO9mhUcb.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
2b6fad22caedc0b0dcaeee69c06d5cd2ed34e2a6c84faebdc4d33c5a34c1f01a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src data:; img-src data:;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'none'; font-src data:; img-src data:;
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-content-type-options
nosniff
server-timing
intid;desc=de5218f45778c62c, intid;desc=de5218f45778c62c
content-length
4378
date
Tue, 17 Dec 2024 14:07:58 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=utf-8
last-modified
Tue, 10 Dec 2024 15:51:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
style.r_xRRR6-.css
www.bahn.de/web/assets/ 		955 KB
167 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/assets/style.r_xRRR6-.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
a327d330498b9198b61c33f43fb706f9e60f7da72116c2322f45cb41c2032579
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-content-type-options
nosniff
server-timing
intid;desc=ba7e7fb6fe4972ee, intid;desc=ba7e7fb6fe4972ee
content-length
170417
date
Tue, 17 Dec 2024 14:07:58 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=utf-8
last-modified
Tue, 10 Dec 2024 15:51:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
FV_2022_10_Komfortorientiertes_Paar_1Klasse_12487_om.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:5f99ed6c-3c47-4bc4-9f60-b217380dd300/ 		29 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:5f99ed6c-3c47-4bc4-9f60-b217380dd300/FV_2022_10_Komfortorientiertes_Paar_1Klasse_12487_om.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
16ea125efcb130439b818f653e68e39c035d40db37d4ee7faae3208ae4b14073
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1974257
expires
Thu, 09 Jan 2025 10:32:15 GMT
access-control-allow-origin
https://www.bahn.de
content-length
29297
x-serial
433
date
Tue, 17 Dec 2024 14:07:58 GMT
last-modified
Sun, 22 Sep 2024 18:41:12 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
icon_ticket_bahncard.svg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:1170073b-b971-4517-9384-55b4891c2653/ 		6 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:1170073b-b971-4517-9384-55b4891c2653/icon_ticket_bahncard.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
143149f2ee19257377ea6a0b58d25f2e9fe32998540ef0b62a878254684a3741
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=ddc6786fa23a87eb
access-control-allow-origin
https://www.bahn.de
content-length
6643
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
last-modified
Mon, 30 Sep 2024 14:31:01 GMT
x-frame-options
sameorigin
icon_travel_bahnbonus.svg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f6f2d500-0273-4a00-8038-da20081d1cac/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f6f2d500-0273-4a00-8038-da20081d1cac/icon_travel_bahnbonus.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
633f9991eab769db4706b9e33dfb63a5ccb336271371493653ec1be2a29ed7a9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=ac5127e0edd86721
access-control-allow-origin
https://www.bahn.de
content-length
2637
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
last-modified
Sat, 14 Sep 2024 11:37:37 GMT
x-frame-options
sameorigin
icon_travel_poi-berlin-alternative.png
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:fdf2ec66-fd23-4dc2-80a7-db38003adc36/ 		4 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:fdf2ec66-fd23-4dc2-80a7-db38003adc36/icon_travel_poi-berlin-alternative.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
1af83a897c5f0ec33b084db0fd0abd60c9561ac6925813b3afe9af7f1bd3a969
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=535289
expires
Mon, 23 Dec 2024 18:49:27 GMT
access-control-allow-origin
https://www.bahn.de
content-length
4460
x-serial
1338
date
Tue, 17 Dec 2024 14:07:58 GMT
last-modified
Fri, 25 Oct 2024 04:45:32 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
panthermedia_135167_3072x2048.jpg
assets.static-bahn.de/.imaging/focalpoint/640x320/dam/jcr:fa5be363-4a0e-4b5d-99c1-60b960dd3440/ 		63 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/640x320/dam/jcr:fa5be363-4a0e-4b5d-99c1-60b960dd3440/panthermedia_135167_3072x2048.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
fa719abef912812a769034b4c3b073e4f81647d132028b610f7ee1b47e617933
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1042954
expires
Sun, 29 Dec 2024 15:50:32 GMT
access-control-allow-origin
https://www.bahn.de
content-length
65009
date
Tue, 17 Dec 2024 14:07:58 GMT
last-modified
Sat, 02 Nov 2024 15:53:45 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
social-media-icons-bdbca9eb.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		9 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/social-media-icons-bdbca9eb.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bdbca9ebb7897ae1c6c7a28be71388b2cd67d66cbacb176ed3808310e93c9ed8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=ee96e29bcbca9705
content-length
3671
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 03 Jul 2024 07:41:40 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
footer-image-bar-a1670e95.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/footer-image-bar-a1670e95.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
a1670e95449d401ce6259e0ff78d978284b5c2ef978570a0df4dcdb810620e7d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=5be4810261885c07
content-length
507
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 30 Sep 2024 02:57:18 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
paypal.svg
assets.static-bahn.de/dam/jcr:41560da4-1f88-47f5-be6a-6a8db627f24f/ 		11 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:41560da4-1f88-47f5-be6a-6a8db627f24f/paypal.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e349f08ef2bbd0b0cbf65b912d0d1a9a6409253b7ab8e979473e0c3ce5deea07
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=c4ca6f85f19be341
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="paypal.svg"
vary
Accept-Encoding
last-modified
Tue, 07 May 2024 07:24:48 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
4621
x-xss-protection
1; mode=block
icon_action_credit-card_1z1_fix.svg
assets.static-bahn.de/dam/jcr:edff799a-7517-4bff-9655-e569cb1269d9/ 		2 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:edff799a-7517-4bff-9655-e569cb1269d9/icon_action_credit-card_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e3b61a0d1104a1e7143331130d523d2818cd93b466fbafd28034250ad09f7522
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=416d9aceb4b7a623
access-control-allow-origin
https://www.bahn.de
content-length
2531
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="icon_action_credit-card_1z1_fix.svg"
last-modified
Tue, 07 May 2024 07:26:09 GMT
x-frame-options
sameorigin
icon_action_SEPA_1z1_fix.svg
assets.static-bahn.de/dam/jcr:0850a93d-94a7-4d9c-88b4-23735103fa58/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:0850a93d-94a7-4d9c-88b4-23735103fa58/icon_action_SEPA_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8d5865f67a25e1a395c3acff873f8a053bf8e1ee45028fce3de94348d92c8705
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=0ddef65985980f49
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="icon_action_SEPA_1z1_fix.svg"
vary
Accept-Encoding
last-modified
Tue, 07 May 2024 07:26:17 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
1567
x-xss-protection
1; mode=block
icon_action_apple-pay_1z1_fix.svg
assets.static-bahn.de/dam/jcr:bf72ae9d-3274-4e8a-af14-1b5d88ca5ae7/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:bf72ae9d-3274-4e8a-af14-1b5d88ca5ae7/icon_action_apple-pay_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b76a5e8ca4f9a0e58f9eb8b3c80c47dd7cf499386bfd8078f4e842b712324a6f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=150afd989630a2ff
date
Tue, 17 Dec 2024 14:07:58 GMT
last-modified
Tue, 07 May 2024 07:26:41 GMT
content-type
image/svg+xml;charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="icon_action_apple-pay_1z1_fix.svg"
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
1264
x-xss-protection
1; mode=block
Bonvoyo-Pay-Chip_1z1_fix.svg
assets.static-bahn.de/dam/jcr:e6ec7ff7-1d87-4d66-b15c-3bfaf6d8c62b/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:e6ec7ff7-1d87-4d66-b15c-3bfaf6d8c62b/Bonvoyo-Pay-Chip_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
9b8d845a3296010c1c63682b0ad2201f3b7103732cefb5ed3197fa95bea84ed8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
x-content-type-options
nosniff
expires
Thu, 16 Jan 2025 14:07:58 GMT
server-timing
intid;desc=2ae2fe34041e54a5
access-control-allow-origin
https://www.bahn.de
content-length
1326
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="Bonvoyo-Pay-Chip_1z1_fix.svg"
last-modified
Tue, 12 Nov 2024 12:44:37 GMT
x-frame-options
sameorigin
scripts-3f4d8f4a.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		154 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8c89815d2455181e61728f79dd1cb15013212119c617f55ad57ecfd271b16109
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=44a2c8f3e84d6479
access-control-allow-origin
*
content-length
56830
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ 		321 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e9d002f95e3eed117de92953f76a68dc1b6e0026c1fd23482f9ae2ddee80f190
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-xss-protection
1; mode=block
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
max-age=21600
content-encoding
br
x-content-type-options
nosniff
expires
Wed, 15 Jan 2025 15:16:23 GMT
content-length
110099
date
Tue, 17 Dec 2024 14:07:58 GMT
stored-attribute-sha-checksum
e9d002f95e3eed117de92953f76a68dc1b6e0026c1fd23482f9ae2ddee80f190
last-modified
Wed, 11 Dec 2024 19:17:15 GMT
content-type
application/javascript
time-to-live-seconds
2001685
truncated
/ 		364 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e0c58646f6d51cae4b6a321a4cda8506061527ec8ed23b7bd6ecf3467e99a0e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		455 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80da003d8010021f3babdeafc674e173263d44a224d742b2499ea57e5ef09b19

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc25addd219ee127babf8f983627baefcceb59f88331ca84d393b9fc619c5e7e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5584fe2257cfa5c4adb5512df868b82272393a03b87f977730f8084b5c393e2c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8086f37b2fef5219c0b43c66e419e6e1825aabd68be129ed32a07ed15a5a594b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
chunk-Q7LAKEGH-5c678bb5.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		26 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/chunk-Q7LAKEGH-5c678bb5.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
437f5e58f4b18b42e0b4714a0ff5821529c3298e92b861c10388d82ab44a64f8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-88794bbc.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=dba8e502837b8b53
access-control-allow-origin
*
content-length
10376
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
initUserContextService-cb2c61b0.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		67 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-cb2c61b0.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
008c86a47b984b5509beb87fb2ce43060c8e6c5d126c690b9e01a24c152687ee
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-88794bbc.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=45dd678272080ab7
access-control-allow-origin
*
content-length
24167
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Wed, 04 Dec 2024 16:41:30 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
isGkAdmin-5b6db602.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		11 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/isGkAdmin-5b6db602.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
96ec6a7dd6ee10a3e14f53801dd7140646fc4f0384d8c3cd51bf6eaa6917eed4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-88794bbc.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=07cd586816255c2b
access-control-allow-origin
*
content-length
4815
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ 		18 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bahn.de/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
access-control-allow-credentials
true
x-content-type-options
nosniff
x_req_id
659dd82f-bd67-4900-a73f-2f1a5a47e9fb
access-control-allow-origin
https://www.bahn.de
content-length
18
date
Tue, 17 Dec 2024 14:07:58 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Origin
access-control-allow-headers
Content-Type
truncated
/ 		516 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		548 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e2fb2fa919688694a9e78981ffe2471094402e3e4b7918038f3eef7e9b07bd5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
385b89f7813e4dbf690ea1864d81549e33592c4e36c1f78de6b929cf7b8dfc66

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb04d2be14960e9c632c828231484563e0ada2c15f8b43ab903328849be6ed61

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b432b7ab78b80c49e0893b5e1fb1c59a4a3341553f9617b628b34efcab3cff4c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a217d4782d409d6a264908367f91ebed4ccd62d8e7a645b68eda7c09e4ab49c9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
initTracking-ac6dfc7d.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		11 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initTracking-ac6dfc7d.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b128f300d0c17499e75251b4f35ff57185f26b27b4f83709fc17c15412b932f3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=546501df4ffcf949
content-length
4663
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
initDataLayer-1ac2185d.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		918 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initDataLayer-1ac2185d.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
4a4ec7f60674089e5e12a8687cacd6350ddb55afde1467473dcf040eb77b237c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:58 GMT
server-timing
intid;desc=58bd9fb9b83c5ff7
access-control-allow-origin
*
content-length
478
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:58 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
navigation
www.bahn.de/.rest/ 		15 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.rest/navigation?root=a5a66ce9-1eaa-41d7-87d4-1c9e52ea2bb1&site=next-bahn-de&lang=de
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e71b698c8d623cc25ccbfb1233c62d384a89ffbaddd4ace33e96a489b8addb6a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=277
content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 14:12:36 GMT
server-timing
intid;desc=0bfbb4a497fe4a43, intid;desc=0bfbb4a497fe4a43
content-length
2662
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/json;charset=UTF-8
last-modified
Tue, 17 Dec 2024 14:07:21 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
accordion-c7a68c8e.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/accordion-c7a68c8e.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
4318ca74380b4528995463730e707813bff0c68437a6c88dcef6a4d8fe4ea39e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=dd5c3017a14f840d
access-control-allow-origin
*
content-length
1375
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-popup.vue-535b46ed.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		14 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-popup.vue-535b46ed.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
46e864b0635ccd6fa95713db12756bc277f1f752dfa0b5d846a1f6c050334e3b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=46f51dac960c1071
access-control-allow-origin
*
content-length
5233
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
slider-4507b279.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		397 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/slider-4507b279.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b49ed5da77ae443d672a48773280af079ff68efdc9ab83ba97e576587bce4625
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=16086fc95582cacb
access-control-allow-origin
*
content-length
295
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
contentTeaserDropdown-1e1c4cc1.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/contentTeaserDropdown-1e1c4cc1.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
5b799ccd31a3b42e7cef954f06f3eafb1072334f722874573dd1b9bfbc21a160
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=486a886e73d69c35
content-length
732
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 30 Aug 2024 07:55:29 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
defineAuthButtonWebComponent-71cbdb39.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-71cbdb39.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
298a01f7d41b31d86637c793d92d3b87fb2a16844e73f3c608e71d4d7408d397
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=23de516404115bdf
access-control-allow-origin
*
content-length
1854
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-crm-teaser.vue-de673806.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
c6bdf99912aec10086b76d16e7c268a907a1003dead535b6df24feaade8c68a2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=aa132385f32e716b
content-length
1574
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-teaser-block-rondell.vue-ab27252d.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-teaser-block-rondell.vue-ab27252d.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
4444e84c7cf4693969f47c39937963860815c7f7a7a733f78423ac5de282856f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=75ace61e38d0823d
content-length
1003
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-co2-uhr.vue-9a19f99d.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-co2-uhr.vue-9a19f99d.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
046c459d461272639967c2f2ebef9384e4e679aa8cf947fe7e923ccbe238d66a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=d6a9692dd3996009
content-length
7999
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
wcagContentLink-c742f10f.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		268 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/wcagContentLink-c742f10f.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8746be007a504a31a049853ffde3017ea0e55c666a0395eda49f9a6b81bbcab7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-3f4d8f4a.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=6851020f381dc89d
content-length
212
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Mon, 17 Jun 2024 14:42:33 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
index.html
www.bahn.de/.resources/bahn-common/webresources/storage/ Frame E23B 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initTracking-ac6dfc7d.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
4f4d7324dacf6c67610831575018bec9b587949e7a879b124ffd7d6e30cf5edd
Security Headers
Name Value
Content-Security-Policy default-src 'self' p11.techlab-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' p11.techlab-cdn.com; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=300
content-encoding
gzip
content-length
926
content-security-policy
default-src 'self' p11.techlab-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' p11.techlab-cdn.com; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
content-type
text/html;charset=UTF-8
date
Tue, 17 Dec 2024 14:07:59 GMT
expires
Tue, 17 Dec 2024 14:12:59 GMT
last-modified
Wed, 23 Oct 2024 14:53:28 GMT
server-timing
intid;desc=98aa20d8ab682e31
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-akamai-transformed
9l 762 0 pmb=mTOE,1
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block
utag.js
cms.static-bahn.de/tms/next-main/ 		248 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
88cefb63e5cc4eae461256d5effe49cf1203303f39a3690e452692ec3e03475d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=0, no-cache
content-encoding
gzip
x-amz-version-id
QU44zk9_KFxDdnDio_h8uYEIO5DFFxNd
etag
W/"f5f20dc0fdd577ae5569811f91032c99"
pragma
no-cache
expires
Tue, 17 Dec 2024 14:07:59 GMT
content-length
69388
x-amz-cf-id
uG6biaxh4NXMVR2XvIFnPi-YNMJ5VinId67-IzGUxD8vESvahsxsEw==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Tue, 10 Dec 2024 10:40:13 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
openid-configuration
accounts.bahn.de/auth/realms/db/.well-known/ 		9 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://accounts.bahn.de/auth/realms/db/.well-known/openid-configuration
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-cb2c61b0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a298 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
6dca5ff62a7dbef057083c6f43d725f826c63a32197b6122fb6e015402fca77d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://*.hcaptcha.com
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
cache-control
max-age=86400
content-encoding
gzip
access-control-allow-credentials
true
referrer-policy
no-referrer
x-content-type-options
nosniff
access-control-allow-origin
https://www.bahn.de
server-timing
intid;desc=a06e324817884da4, intid;desc=a06e324817884da4
content-length
2321
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Accept-Encoding
x-frame-options
ALLOW-FROM https://*.hcaptcha.com
2becfbb420e6838cfd97566078369c14b6ed0011a38979
www.bahn.de/static/ Frame E23B 		155 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
085ab86e9b7c58da258f1889ec3487896df78fa4464412ea8861c18d8b415463
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html

Response headers

content-md5
5tSoYDQElgqdjPADt8ytlg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
etag
0x8DBD0917E1AA63B
access-control-allow-methods
GET, POST, HEAD
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 14:17:59 GMT
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript
last-modified
Thu, 19 Oct 2023 10:52:30 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
max-age=600
timing-allow-origin
*
access-control-allow-origin
*
content-length
55885
x-xss-protection
1; mode=block
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ Frame E23B 		321 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e9d002f95e3eed117de92953f76a68dc1b6e0026c1fd23482f9ae2ddee80f190
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-xss-protection
1; mode=block
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
max-age=21600
content-encoding
br
x-content-type-options
nosniff
expires
Wed, 15 Jan 2025 15:16:23 GMT
content-length
110099
date
Tue, 17 Dec 2024 14:07:59 GMT
stored-attribute-sha-checksum
e9d002f95e3eed117de92953f76a68dc1b6e0026c1fd23482f9ae2ddee80f190
last-modified
Wed, 11 Dec 2024 19:17:15 GMT
content-type
application/javascript
time-to-live-seconds
2001685
adjustArrowsComponent-7e505fa8.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/adjustArrowsComponent-7e505fa8.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bdd308f8bf48fd7673784e966b0b7188e228bf69edabdaaa7a74670cf684dfdf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/slider-4507b279.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=fbba167d333aa8df
content-length
8595
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
TeaserSlider.vue_vue_type_script_setup_true_lang-a8e902e8.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		10 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/TeaserSlider.vue_vue_type_script_setup_true_lang-a8e902e8.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
7438e5ec695df692c4e3688d2dedfc77fd5940717996f96b2a76090ab3fd30dc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=b59401caea65b29d
content-length
3462
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
CrmContentTeaser.vue_vue_type_script_setup_true_lang-aae8759a.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		6 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/CrmContentTeaser.vue_vue_type_script_setup_true_lang-aae8759a.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
79f89ebff0d1886fa7102a0a8a1192910c87d7ed436e7daa612eef9eb75b1932
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=f4f605728031b34f
access-control-allow-origin
*
content-length
2148
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
useScreenReader-95c30407.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		337 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useScreenReader-95c30407.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
192f5d45731ec93d84951c1a6c410bf0bd7db929c1b2bc18b8291613f3afe32f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=4743253620415ca7
access-control-allow-origin
*
content-length
208
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Mon, 29 Jan 2024 21:43:25 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
vSafeHtml-9a1bd5eb.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		21 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/vSafeHtml-9a1bd5eb.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e2205ded16b7420a1d0a1a7e627db7d487fa36f8a77e13acd186f75049c4cc96
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=bba7d9b9a2b43335
access-control-allow-origin
*
content-length
8575
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 15 Nov 2024 13:56:46 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
Headline.vue_vue_type_script_setup_true_lang-3832d18b.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		458 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/Headline.vue_vue_type_script_setup_true_lang-3832d18b.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e653cd8630de5a2d4b45c67cb919d524c3bba8c110730675001b6cdd3e2425c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-crm-teaser.vue-de673806.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=932784e105bc5f05
access-control-allow-origin
*
content-length
336
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
userStore-d622652a.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		1 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/userStore-d622652a.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8bbb9cea022d13e6474dd717ce4487deeeff1dabfae475fb2ecdb696239d4c89
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-71cbdb39.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=a6f28dc8dcd3363f
access-control-allow-origin
*
content-length
814
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
emptyUser-d56e155b.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		207 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/emptyUser-d56e155b.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
eec5b615214dd209e183d3257fa2d138b66c701a43bc036f2198e88e86583681
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-71cbdb39.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=d5875ba096d9019f
content-length
195
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
TeaserBlockRondell.vue_vue_type_script_setup_true_lang-d5b04a08.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/TeaserBlockRondell.vue_vue_type_script_setup_true_lang-d5b04a08.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
1136d63d2b26dbdf07518bbfdca50b00e00fff1d3f269e77a67d7935ceee5dbc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-teaser-block-rondell.vue-ab27252d.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=3f0e9749f2fc5327
content-length
884
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
useViewSize-21c43915.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		286 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useViewSize-21c43915.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
cc20afc35842277ea302ac2b748d8017851d15488f69c7215dfd8aa8cdfba801
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-teaser-block-rondell.vue-ab27252d.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=1069f1a49ac3442f
content-length
239
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
useTracking-589d0e18.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		234 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useTracking-589d0e18.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
844fa214daa5de5146be26f2dd6b9d826ea70c742fd55d8f0dee3e4b4a92973a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-co2-uhr.vue-9a19f99d.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=0f86776b908962b7
content-length
208
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
CircleLoader-373d5da2.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		424 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/CircleLoader-373d5da2.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
700e5cceb6acafc0f712b5518697cf267aa143302657c05c0be71548aeb8dfad
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-co2-uhr.vue-9a19f99d.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=e6a6de4962457a5d
content-length
281
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 06 Dec 2024 16:28:44 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
_plugin-vue_export-helper-c27b6911.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		154 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/_plugin-vue_export-helper-c27b6911.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
16fe62a5dfa72c729dce93e90845e370cc8de5ec7a44157fa6f89b6cc5808b2b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-co2-uhr.vue-9a19f99d.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:07:59 GMT
server-timing
intid;desc=0a6a106ec3e4cf13
access-control-allow-origin
*
content-length
157
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Mon, 17 Jun 2024 14:42:33 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
65319_1825202461.js
p11.techlab-cdn.com/e/ Frame E23B 		54 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://p11.techlab-cdn.com/e/65319_1825202461.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f145 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
ad80a3f6b1b1b869088b872381b3179a21dccc4e465ec0a00c92824f6462c258

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-md5
TBz6CQ/Qf16sF8+q5U3Ixg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
content-encoding
gzip
etag
"0x8DA7C6E5C88AF92"
timing-allow-origin
*
access-control-allow-methods
GET, POST, HEAD
expires
Tue, 17 Dec 2024 14:17:59 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
18223
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript
last-modified
Fri, 12 Aug 2022 14:24:26 GMT
vary
Accept-Encoding
65257_1825232097.js
p11.techlab-cdn.com/e/ Frame E23B 		14 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://p11.techlab-cdn.com/e/65257_1825232097.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f145 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
74a7a53097f5335e794968f4f7c27d089701fd635c8698c5f5fda7f30356cacb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-md5
7rdGFe+/Y2zHt4sXxqkzxw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
content-encoding
gzip
etag
0x8DAD39902829531
timing-allow-origin
*
access-control-allow-methods
GET, POST, HEAD
expires
Tue, 17 Dec 2024 14:17:59 GMT
access-control-allow-origin
*
content-length
6061
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript
last-modified
Thu, 01 Dec 2022 12:38:55 GMT
vary
Accept-Encoding
64885_1825202523.js
p11.techlab-cdn.com/e/ Frame E23B 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://p11.techlab-cdn.com/e/64885_1825202523.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f145 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
422aa4e7ba5ff626a830dbbee358cb5055122a03b5c36b5f7608e1b34999e529

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-md5
DnvBZTKTbXGPNtxH2P6zMg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
content-encoding
gzip
etag
"0x8DA25E9F9A41165"
timing-allow-origin
*
access-control-allow-methods
GET, POST, HEAD
expires
Tue, 17 Dec 2024 14:17:59 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1470
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript
last-modified
Sun, 24 Apr 2022 12:00:07 GMT
vary
Accept-Encoding
65226_1825232035.js
p11.techlab-cdn.com/e/ Frame E23B 		70 KB
33 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://p11.techlab-cdn.com/e/65226_1825232035.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f145 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
724be3f7bc4ed3c63fc7680e963cc7c365190de82c1e00556d2ed89b35704c5c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-md5
8btfM5t1CjV45yZpx6RBaA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=600
content-encoding
gzip
etag
0x8DB99BC33706E1B
timing-allow-origin
*
access-control-allow-methods
GET, POST, HEAD
expires
Tue, 17 Dec 2024 14:17:59 GMT
access-control-allow-origin
*
content-length
33063
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
application/javascript
last-modified
Thu, 10 Aug 2023 16:09:39 GMT
vary
Accept-Encoding
consent-layer-loader.js
cms.static-bahn.de/cms/consent-layer/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
62c132202985bafb7871640c8e3e686baef752615aa7a5d7d8e855b3170d7860
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=31536000
content-encoding
gzip
x-amz-version-id
5CkQ4ThTdbvec21IQtOK.CsiFHzATWgh
etag
W/"b4f9005ef5124798f3b7b45605b23d63"
expires
Wed, 17 Dec 2025 14:07:59 GMT
content-length
2496
x-amz-cf-id
9N-sw-dMOie7eIgUXXrk9DveLXiVfog1gFZt3JQaZXk7TSBqeTihnQ==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Wed, 27 Nov 2024 13:49:12 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
1x1.gif
cdn-at.bahn.de/
Redirect Chain
  • https://at.bahn.de/ccrm
  • https://cdn-at.bahn.de/1x1.gif
799 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-at.bahn.de/1x1.gif
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/
Protocol
H2
Server
2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
86927cafa657ae14a28bdca63befb837251fc4ce67683aa19fdccf4d1bfeef3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

x-77-age
439185
x-77-nzt
A8O1ryc3Nzf/kbMGAJySIR83Nzf/OiMFAG09WgL+6XAA
etag
"07b81fc1dad971b1c82bff6798131113-1"
x-77-cache
HIT
x-amz-request-id
tx0000092244652ce7b2e70-006693d483-642d55a-prg
accept-ranges
bytes
x-77-pop
frankfurtDE
content-length
799
date
Tue, 17 Dec 2024 14:07:59 GMT
x-rgw-object-type
Normal
content-type
image/gif
last-modified
Tue, 09 Jan 2024 16:31:09 GMT
x-77-nzt-ray
25b02131c92549dbbf856167ff74f72d
server
CDN77-Turbo

Redirect headers

Transfer-Encoding
chunked
Cache-Control
max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location
https://cdn-at.bahn.de/1x1.gif
Pragma
no-cache
Connection
close
cross-origin-resource-policy
cross-origin
X-Content-Type-Options
nosniff
Expires
Mon, 26 Jul 1997 05:00:00 GMT
P3P
policyref="https://at.bahn.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Date
Tue, 17 Dec 2024 14:07:58 GMT
X-Xss-Protection
0
Content-Type
text/html; charset=utf-8
Last-Modified
Di, 17 Dez 2024 02:07:59 GMT
utag.1.js
cms.static-bahn.de/tms/next-main/ 		72 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.1.js?utv=ut4.51.202411191152
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bef4a1a768c5ca55179d9e95790a800ecb0d2591e3c08ca626ea5bfc97f729be
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=0, no-cache
content-encoding
gzip
x-amz-version-id
AZm09XZDLrFip0PlCxLxS8aKXvj1mRV9
etag
W/"659532a241939176b9351886ba35fabb"
pragma
no-cache
expires
Tue, 17 Dec 2024 14:07:59 GMT
content-length
23223
x-amz-cf-id
GHExmVrZwcOPbJLPiHqBykErEulqkr8VblEhkI6pZY8qtgH62ZEN6Q==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Tue, 10 Dec 2024 10:40:13 GMT
vary
Accept-Encoding
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
utag.11.js
cms.static-bahn.de/tms/next-main/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.11.js?utv=ut4.51.202408221218
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
7bb74e705e07e7b217429fa32c5b8cc4abf359110cb3082e5db73e5af105e25b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=0, no-cache
content-encoding
gzip
x-amz-version-id
B3jjYn_HllKl_MKk1CHrmU2rBvkSD9Tn
etag
W/"74e07c9fbab6a13d1dc0150a1149586a"
pragma
no-cache
expires
Tue, 17 Dec 2024 14:07:59 GMT
content-length
1468
x-amz-cf-id
sYwJ_BLU5n93Nk3JFzZ0N9BSQu-nVKIcn4qzJ7IAmsGo2O2EuvcSPQ==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Tue, 10 Dec 2024 10:40:13 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA60-P7
x-amz-server-side-encryption
AES256
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ Frame E23B 		18 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
access-control-allow-credentials
true
x-content-type-options
nosniff
x_req_id
3eebdaf7-f1b4-4b2e-8d9d-ab9beb168a60
access-control-allow-origin
https://www.bahn.de
content-length
18
date
Tue, 17 Dec 2024 14:07:59 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Origin
access-control-allow-headers
Content-Type
consent-layer-standalone.7717b916fabb62210d3c.js
cms.static-bahn.de/cms/consent-layer/js/ 		177 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-standalone.7717b916fabb62210d3c.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
3f7124c623773a5c5ce4d2f5e583f17bb84b2a34b1500689e2bb059803a1797d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"411765a32d25158cb1187215f01c2c6e"
x-amz-version-id
U5CU5AthKfoMIuxlbZCp0dihpyd9gmCm
expires
Wed, 17 Dec 2025 14:07:59 GMT
content-length
134029
x-amz-cf-id
grtaT2AF7wv7Y4kFV776rXkY-7_RtwcDcE6tEli5t94ErS6jW-byoA==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Tue, 01 Oct 2024 13:12:13 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
consent-layer.36e51dbb907185ca80ea.js
cms.static-bahn.de/cms/consent-layer/js/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer.36e51dbb907185ca80ea.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e766fb359568beeb057cad763aad94c203879805aa2ef226fa22718e2bda9d07
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=31536000
content-encoding
gzip
x-amz-version-id
80Oj3ytmSQuZnxqh7A45fb4IFUyAPWUe
etag
W/"8afba61e81e69e5e64f56f005c40f9e8"
expires
Wed, 17 Dec 2025 14:07:59 GMT
content-length
6858
x-amz-cf-id
B3HEWpvbpnM4y6Ka77X5Us-JVAWVCCunHl8QmLDbbG5XVjH9sVMfpw==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Wed, 27 Nov 2024 13:49:12 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P4
x-amz-server-side-encryption
AES256
auth.v1.html
www.bahn.de/.resources/bahn-common-light/webresources/assets/html/ Frame 6F41
Redirect Chain
  • https://accounts.bahn.de/auth/realms/db/protocol/openid-connect/auth?redirect_uri=https%3A%2F%2Fwww.bahn.de%2F.resources%2Fbahn-common-light%2Fwebresources%2Fassets%2Fhtml%2Fauth.v1.html&client_id=...
  • https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
0
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-cb2c61b0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=31536000
content-encoding
gzip
content-length
20
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-type
text/html;charset=UTF-8
date
Tue, 17 Dec 2024 14:07:59 GMT
expires
Wed, 17 Dec 2025 14:07:59 GMT
last-modified
Fri, 22 Sep 2023 07:01:04 GMT
server-timing
intid;desc=81908a809e081207
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mTOE,1
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store, must-revalidate, max-age=0
content-length
0
date
Tue, 17 Dec 2024 14:07:59 GMT
location
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html#error=login_required&state=9E4xJAFNPP&iss=https%3A%2F%2Faccounts.bahn.de%2Fauth%2Frealms%2Fdb
referrer-policy
no-referrer
server-timing
intid;desc=481673dda421a71d intid;desc=481673dda421a71d
strict-transport-security
max-age=16070400; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
1; mode=block
4.9c8bc8dc11ca483724ec.js
cms.static-bahn.de/cms/consent-layer/js/ 		188 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/4.9c8bc8dc11ca483724ec.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e5e35fc8bfa93524820225bb7c6aef150b37341ac1fb064744aaf3313e13de78
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
cache-control
max-age=31536000
content-encoding
gzip
x-amz-version-id
JWrpAGTB8Tk56a7Cam.BuRiCbuQjXJvB
etag
W/"48737c1dbf20650eedc1ee39850a1bc9"
expires
Wed, 17 Dec 2025 14:07:59 GMT
content-length
137259
x-amz-cf-id
uTJ_8I4xmrbxR8cIPQs1-YqThAUKfG2ogkhMA-tBdIRFVO5jGExOPQ==
date
Tue, 17 Dec 2024 14:07:59 GMT
content-type
text/javascript
last-modified
Wed, 27 Nov 2024 13:49:12 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
truncated
/ 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ 		18 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bahn.de/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
access-control-allow-credentials
true
x-content-type-options
nosniff
x_req_id
f9b48a3d-a531-4b6b-8447-2fc01d16ac32
access-control-allow-origin
https://www.bahn.de
content-length
18
date
Tue, 17 Dec 2024 14:08:00 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Origin
access-control-allow-headers
Content-Type
c7cb42b4-a325-4d47-8a50-9d1fc0c566ea
https://www.bahn.de/ Frame 		0
0
CO2Uhr_Hintergrund_abgedunkelt%20(1).jpeg
assets.static-bahn.de/.imaging/focalpoint/1280x440/dam/jcr:e21b6e1d-c3e8-4a94-ac24-25bfedb30fb2/ 		24 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/1280x440/dam/jcr:e21b6e1d-c3e8-4a94-ac24-25bfedb30fb2/CO2Uhr_Hintergrund_abgedunkelt%20(1).jpeg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
c2be139b6050da9378be40d66b19404cbb665e6f1af561da0acbd4953e21a1d2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=289806
expires
Fri, 20 Dec 2024 22:38:05 GMT
access-control-allow-origin
https://www.bahn.de
content-length
24246
x-serial
2024
date
Tue, 17 Dec 2024 14:07:59 GMT
last-modified
Wed, 20 Nov 2024 22:38:06 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
user-context-data
www.bahn.de/web/api/kundenkonto/ 		90 B
879 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/api/kundenkonto/user-context-data
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-cb2c61b0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
efb6f8479192826d16401c81a6d66e06b75793cf696d4cd917084715316a4df8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/
x-correlation-id
1c22b8db-101a-4d48-94b5-77d551f34288_6f643e26-48f3-4771-b9db-06d66d55dfbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json;charset=utf-8
content-type
application/json;charset=utf-8

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, max-age=60
etag
W/"5a-g3GO6Iib84nBrmVNuRHICMdTzDM"
x-content-type-options
nosniff
server-timing
intid;desc=76b3c682c72aecd6, intid;desc=76b3c682c72aecd6
content-length
90
date
Tue, 17 Dec 2024 14:08:00 GMT
x-xss-protection
1; mode=block
content-type
application/json; charset=utf-8
vary
accept,authorization,cookie
x-frame-options
SAMEORIGIN
truncated
/ 		448 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7c24dba7a46112b0f5d36478b8329b6cb76304b48a1b8395b2c4b32b838ac1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		536 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d9306f5f844bdca438a99633a6ab1e553e33635d363c533897ceb536698d9e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
Fa%CC%88cher_BC_Klassisch_Smartphone_2000x1000px2%201.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:64d2be29-1b87-4710-967f-0b898868d42d/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:64d2be29-1b87-4710-967f-0b898868d42d/Fa%CC%88cher_BC_Klassisch_Smartphone_2000x1000px2%201.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
44ee59cbe10ad7cdf3b45f5d2b9f473f24731a3ee64542caf51e844ab8ab30a7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1638741
expires
Sun, 05 Jan 2025 13:20:21 GMT
access-control-allow-origin
https://www.bahn.de
content-length
7696
x-serial
1062
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Mon, 14 Oct 2024 04:51:57 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
Baustelle_DB225415_Header+St%C3%B6rer_4z2_c.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:5d7aa809-ad5b-489b-b855-0491074b41fb/ 		18 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:5d7aa809-ad5b-489b-b855-0491074b41fb/Baustelle_DB225415_Header+St%C3%B6rer_4z2_c.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
211809cce3f0505b31704d838afbf4622730f9bf7986795558a7ae5c17027425
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=2067067
expires
Fri, 10 Jan 2025 12:19:07 GMT
access-control-allow-origin
https://www.bahn.de
content-length
18336
x-serial
417
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Tue, 24 Sep 2024 11:36:59 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
Engadin_Teaser.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:f4324713-1f4d-47ed-b31e-8c7330cd40c6/ 		59 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:f4324713-1f4d-47ed-b31e-8c7330cd40c6/Engadin_Teaser.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
a37350ea84b29b4a3e1937538ba4f316ff514e7226489f80dbdceba6f73ef536
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=2105798
expires
Fri, 10 Jan 2025 23:04:38 GMT
access-control-allow-origin
https://www.bahn.de
content-length
60178
x-serial
149
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Wed, 11 Dec 2024 23:05:21 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
FV_2022_23_Mittleres_Alter_Alleinreisend_geniesst_Fahrt-0223_om.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:017038e3-c1b7-4900-87f8-e473baf229b7/ 		21 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:017038e3-c1b7-4900-87f8-e473baf229b7/FV_2022_23_Mittleres_Alter_Alleinreisend_geniesst_Fahrt-0223_om.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
979cf8e7aebcef80e442eb448aeca22cd0c199f0107cef9e19fc7c75e5fdae8b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=755206
expires
Thu, 26 Dec 2024 07:54:46 GMT
access-control-allow-origin
https://www.bahn.de
content-length
21790
x-serial
933
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Fri, 01 Nov 2024 08:24:23 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
230221_Wagenreihung_Next_DB_Nav.png
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:aab352f6-e21b-4c2a-8a08-ffa1a6d982f7/ 		10 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:aab352f6-e21b-4c2a-8a08-ffa1a6d982f7/230221_Wagenreihung_Next_DB_Nav.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
74ed3da3c8d46f93e88789d8a9b07ed31e3033ad9b86a21f6c4c93958e235b78
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1280510
expires
Wed, 01 Jan 2025 09:49:50 GMT
access-control-allow-origin
https://www.bahn.de
content-length
10366
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Wed, 06 Nov 2024 23:05:55 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
Stillen_01103_sRGB.jpg
assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:43a25eb3-5192-493b-bfe1-9b429b594514/ 		30 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/752x376/dam/jcr:43a25eb3-5192-493b-bfe1-9b429b594514/Stillen_01103_sRGB.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62f1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
cf6dba6a0e981046bf556ab96231583791e3e7358060a9d54dfabd66ba9ead50
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1649273
expires
Sun, 05 Jan 2025 16:15:53 GMT
access-control-allow-origin
https://www.bahn.de
content-length
30907
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Sun, 10 Nov 2024 11:56:23 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
favicon.ico
www.bahn.de/ 		5 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
ae0400d6155fbbd61c93d4f5546e8a2e6c96f6aed576f5728f8500e8e9f6f816
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=1034486
content-encoding
gzip
etag
"1536-621be2dbb0cc0"
x-content-type-options
nosniff
expires
Sun, 29 Dec 2024 13:29:26 GMT
accept-ranges
bytes
content-length
1002
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:08:00 GMT
content-type
image/vnd.microsoft.icon
last-modified
Tue, 10 Sep 2024 06:42:35 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
id
www.bahn.de/st/ 		48 B
750 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/st/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=21108426928312595022481672673541103632&ts=1734444480115
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
jag /
Resource Hash
8daf0e512d5b7c8d6a0955c14936d9aa288471da4d7cabbff520ac251b97cb51
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, no-cache, no-store, no-transform
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 14:08:00 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
48
x-xss-protection
1; mode=block
date
Tue, 17 Dec 2024 14:08:00 GMT
content-type
application/x-javascript;charset=utf-8
server
jag
x-frame-options
SAMEORIGIN
sdk.js
ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/ 		63 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.11.js?utv=ut4.51.202408221218
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:e600:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
d599d9a26e991e7669751ad91fca74c6db6c17210005c9e65a2504b86f402b0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=3600
content-encoding
br
age
1308
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
EXvCuJdDjhjKR7GH2fYnYL22QfYhylXIsV0Ky4PBKa2ORgjLeRMMIQ==
date
Tue, 17 Dec 2024 13:46:12 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-C1
s64995189298889
www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.23.0/ 		43 B
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.23.0/s64995189298889?AQB=1&ndh=1&pf=1&t=17%2F11%2F2024%2015%3A8%3A0%202%20-60&sdid=352004C1B78C8C08-2BB7810D4EE32EEF&mid=21108426928312595022481672673541103632&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=bahn-de_startseite&g=https%3A%2F%2Fwww.bahn.de%2F&cc=EUR&ch=Content&c3=Anonym&v3=Anonym&c4=Content&v4=Content&c22=https%3A%2F%2Fwww.bahn.de%2F&v22=https%3A%2F%2Fwww.bahn.de%2F&c24=bahn-de_startseite&v24=bahn-de_startseite&v46=no%20visitor%20cookie&v47=32&c69=Logout&v69=Logout&c74=bahn-de_startseite&v74=bahn-de_startseite&c75=https%3A%2F%2Fwww.bahn.de%2F&v75=https%3A%2F%2Fwww.bahn.de%2F&v97=Nein&v106=None&v110=bahn-de&v111=www.bahn.de&v112=startseite&v113=Content&v115=https%3A%2F%2Fwww.bahn.de%2F&v117=de&v118=Landscape&v119=undefined_1600x1200&v120=startseite&v121=Logout&v122=Anonym&v123=PK&v126=false&v186=view%3Eut4.51.202412100645&v187=prd--default&v199=next-main%20%3E%20true&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

etag
3724691160933531648-4618633922105222023
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 14:08:00 GMT
p3p
CP="This is not a P3P policy"
date
Tue, 17 Dec 2024 14:08:00 GMT
last-modified
Wed, 18 Dec 2024 14:08:00 GMT
content-type
image/gif;charset=utf-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, no-cache, no-store, no-transform
pragma
no-cache
access-control-allow-origin
*
content-length
43
x-xss-protection
1; mode=block
server
jag
2VwfARuJAzeMmnZHy6KR3.json
cdn.optimizely.com/datafiles/ 		7 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/datafiles/2VwfARuJAzeMmnZHy6KR3.json
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-88794bbc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b99bca84b3ea6868c9b60f850196d3dc0fbfec09f19807cc0df0e1ce7e7bff1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

access-control-max-age
604800
access-control-expose-headers
Access-Control-Allow-Origin, Content-Length
content-encoding
gzip
cf-cache-status
HIT
etag
"c7820863f6cd904e2c2751a73d06409c"
x-amz-version-id
eg8MzcJI8mgi.evEAJS5QYU2x4xQ2_sH
age
2
access-control-allow-methods
GET, HEAD, OPTIONS
date
Tue, 17 Dec 2024 14:08:00 GMT
x-amz-meta-revision
294
content-type
application/json; charset=utf-8
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Thu, 17 Oct 2024 07:27:48 GMT
x-amz-id-2
8rKe6ZdVVffyZwakiTTwcNpJTHLhKyHl+k/IFl12oZgXTXVjdCpGftPquln+DxNQEnb8nT5exaP+sXOSvggOPQ==
access-control-allow-headers
*
x-amz-replication-status
COMPLETED
cache-control
max-age=120
x-amz-meta-pci_enabled
False
access-control-allow-credentials
false
x-amz-request-id
12MQG9F3HJRZ6N7T
cf-ray
8f377b954d459f35-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1406
server
cloudflare
x-amz-server-side-encryption
AES256
N6GiRGYhQB
www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/ Frame E23B 		18 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/9G22wU-N/0bg/fvQ/5yCfmEvLqW/YO7bXJczw4Dw/BCxDFUhs/Ri/N6GiRGYhQB
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/static/2becfbb420e6838cfd97566078369c14b6ed0011a38979
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f148 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
access-control-allow-credentials
true
x-content-type-options
nosniff
x_req_id
1bb448f7-b46a-4635-898d-8ffa20b59d7a
access-control-allow-origin
https://www.bahn.de
content-length
18
date
Tue, 17 Dec 2024 14:08:00 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Origin
access-control-allow-headers
Content-Type

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.bahn.de
URL
blob:https://www.bahn.de/c7cb42b4-a325-4d47-8a50-9d1fc0c566ea

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| bahn object| digitalData string| WEB_CMS_BASE_URL string| WEB_UI_BASE_URL string| WEB_GK_UI_PATH object| skyframe object| consentLayer object| cmsFrontendConfig object| _cf object| bmak string| _sdTrace object| abTestingService object| authentication object| personalisationService object| asyncServices object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ object| classValidatorMetadataStorage string| view object| tmsTagConfig function| isInIframe object| utag function| loadLibrary object| utag_cfg_ovrd object| utag_data function| DataLayerHelper object| teal object| helper object| webpack_consent-layer string| globalAccount object| s function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| s_c_il number| s_c_in boolean| __VUE__ string| lastBuiltCorrelationId object| adobe function| Visitor function| uwsReady object| optimizely object| s_i_dbbahnprod

15 Cookies

Domain/Path Name / Value
accounts.bahn.de/auth/realms/db/ Name: AUTH_SESSION_ID
Value: 55cc11f4-6b5c-460b-ae44-1eaf06a0928d.idm-rh-sso-597c7fdbbf-m7h5d-40762
accounts.bahn.de/auth/realms/db/ Name: AUTH_SESSION_ID_LEGACY
Value: 55cc11f4-6b5c-460b-ae44-1eaf06a0928d.idm-rh-sso-597c7fdbbf-m7h5d-40762
accounts.bahn.de/auth/realms/db/ Name: IDM_SID
Value: 9bb3cbd7-ebbe-4820-a9eb-56c152c46a34
accounts.bahn.de/auth/realms/db/ Name: TS0135fa4a
Value: 0144e11a91d4adb3891e7b987de87a68e678440a29f6ed6a093fde16ddffd37ec93d43136b288659328e91b539419db6c42b2759f4
.bahn.de/ Name: bm_sz
Value: C3E70F6BF4CC33283E58EEB67A675A22~YAAQFvAQAmM0UrOTAQAAa27y1Bp0yd67V345cM6nHYH0sHHGTcE+O7JulF4rifbeUHHRCLOLQUH5Zl1JPCWSwMGTFXj1i2t+hXPR0Z+oxFy5DYBXZFeuM5eI/34vidTwmp4uZXO3faghmKENXktFMeZyS0ioP5alDaSoiOOeVQjtsT6kWCnWGpZCWJ+WiqxGumB+Qz7/BXZY3P81eHW+u1XNCneGbj8ZY3znHdqZO0TmpjccDEqXWVc/GrBsW8/YWM2ajj+Jxrz56DJz0/lqraNmH4tpO8yOJpzmdnUIgMjrK9X803eJlHIO+32tjJKyLV7i1WOoW0K3tNU3YexWvd8BgU2XS3sOIXusI8sxza09phuxUJyTorNBcqbaG0yULUPoSDSR/CZcXfIh~4539458~4408888
.bahn.de/ Name: request_consent_v
Value: 3
.accounts.bahn.de/ Name: TS016c400a
Value: 0144e11a91d4adb3891e7b987de87a68e678440a29f6ed6a093fde16ddffd37ec93d43136b288659328e91b539419db6c42b2759f4
accounts.bahn.de/ Name: TS51bc32fa027
Value: 0850f34bcdab2000353b43d4e6faf8442fc32f357e95abb1c925eb7247246e838f663846864688920869deb3571130009a2a5990679af2fc8fbd939e4e383aaa3c51ca75ed081ac5eb8bbde4824f290359da355b88f8dd87c502fbccc92cf76f
www.bahn.de/ Name: TS01309da6
Value: 0144e11a91111f7c4d4d8da61821c803bed40326eac7a8efa3845e398643681e97fa26cd823154efc48e6c141a6d8a60b01d8f9b0a
.bahn.de/ Name: utag_main
Value: v_id:0193d4f2734200027336d62dc8ce05065001405d00b08$_sn:1$_se:1%3Bexp-session$_ss:1%3Bexp-session$_st:1734446279310%3Bexp-session$ses_id:1734444479310%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:bahn.de
.bahn.de/ Name: s_ecid
Value: MCMID%7C21108426928312595022481672673541103632
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 179643557%7CMCIDTS%7C20075%7CMCMID%7C21108426928312595022481672673541103632%7CMCAID%7CNONE%7CMCOPTOUT-1734451680s%7CNONE%7CvVersion%7C5.5.0
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: _abck
Value: 4F2F70D20AFCBA64CFF97A23C41FFBEF~-1~YAAQFvAQAnA1UrOTAQAAv3ny1A37o4NGF9SVbd+dBjgF8+pe/NIBzeej9n9vu5Arc5e15PGmAlghv9vuWxdELwahkJbe3iovxnaRtW3XowfZHWB5JijhXaDQfHvRVJl6L+vMPPhRNfipBvS2DeXqG5y4O372gyDwaLuUJiXaXskGPdu5D4ICFf7SypWyYfynEPyREdsdIqjZwXgq+mDUciUxM412k16iT/tdbEXRsyONxD4LNnI0b/S7XWlo+0rt4b3a5FZQpf9IgbW3l1i2yUN/R+OamALzHMLkSAK/LnpDepeRO2GYccXrDKCWUwP7DtyA+ki/51a9Xw6lgnyvxohKQwI6lRKcnKi1n3E8p5QJyHsIvcgSd3C9D/tbunYf7wC/zgSRstzJeTVnP3dJu9qOIp/cUX+uWn3FEUyIgqe7b8s8xnI3badoZdZi9j0jF3YazGHHVns8lxdTL993WH3V5aTKNiyYWg==~-1~||0||~-1

2 Console Messages

Source Level URL
Text
rendering warning URL: https://www.bahn.de/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0E0B00DFC0C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A010B10DFC0C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.bahn.de
assets.static-bahn.de
at.bahn.de
cdn-at.bahn.de
cdn.optimizely.com
cms.static-bahn.de
dokioav.kvk-kreuger.de
p11.techlab-cdn.com
ucm-eu.verint-cdn.com
www.bahn.de
www.bahn.de
172.67.161.243
213.202.235.8
2600:9000:206f:e600:1b:1f8f:6780:93a1
2606:4700::6812:4239
2a02:26f0:3500:18::1724:a298
2a02:26f0:480:22::1726:62f1
2a02:26f0:480:d::210:f145
2a02:26f0:480:d::210:f148
2a02:6ea0:c700::11
008c86a47b984b5509beb87fb2ce43060c8e6c5d126c690b9e01a24c152687ee
046c459d461272639967c2f2ebef9384e4e679aa8cf947fe7e923ccbe238d66a
085ab86e9b7c58da258f1889ec3487896df78fa4464412ea8861c18d8b415463
0cfa99ba59d798bbc7d45c39c1922a7c97c33a5c1622bf4e00f07a9a5b53f49c
0e2fb2fa919688694a9e78981ffe2471094402e3e4b7918038f3eef7e9b07bd5
0fd01a7b38caaa55834c8c8946a170b145895849ec1e11428b40ad40390c66ee
1136d63d2b26dbdf07518bbfdca50b00e00fff1d3f269e77a67d7935ceee5dbc
143149f2ee19257377ea6a0b58d25f2e9fe32998540ef0b62a878254684a3741
16ea125efcb130439b818f653e68e39c035d40db37d4ee7faae3208ae4b14073
16fe62a5dfa72c729dce93e90845e370cc8de5ec7a44157fa6f89b6cc5808b2b
192f5d45731ec93d84951c1a6c410bf0bd7db929c1b2bc18b8291613f3afe32f
1af83a897c5f0ec33b084db0fd0abd60c9561ac6925813b3afe9af7f1bd3a969
1e3bb9a127ff1d24a72eed1ef82992f1eb50447d3876960dfa17c95dd43ca14d
208bbc2656308c9781171f668ea799664d72a7114e6384f658cb74c56dd04cf7
211809cce3f0505b31704d838afbf4622730f9bf7986795558a7ae5c17027425
24c65c2dbfc27da0d27761de40f96cdfe1fd531c373ae33f3e3ff8ea2787477f
298a01f7d41b31d86637c793d92d3b87fb2a16844e73f3c608e71d4d7408d397
2b6fad22caedc0b0dcaeee69c06d5cd2ed34e2a6c84faebdc4d33c5a34c1f01a
385b89f7813e4dbf690ea1864d81549e33592c4e36c1f78de6b929cf7b8dfc66
393d2314006bd812564c2c756e1603ae51b6bb091102b6df9af74810c93de0a4
39a8afd2ac324ec8f3be4b639ff479708afe857427c8dbf74f9f62d553791bf2
3f7124c623773a5c5ce4d2f5e583f17bb84b2a34b1500689e2bb059803a1797d
41c422ec3dc03f0a5b4555956950a8f66b1d19b286b62d0f77f89da21882ab1a
422aa4e7ba5ff626a830dbbee358cb5055122a03b5c36b5f7608e1b34999e529
4318ca74380b4528995463730e707813bff0c68437a6c88dcef6a4d8fe4ea39e
437f5e58f4b18b42e0b4714a0ff5821529c3298e92b861c10388d82ab44a64f8
4444e84c7cf4693969f47c39937963860815c7f7a7a733f78423ac5de282856f
44ee59cbe10ad7cdf3b45f5d2b9f473f24731a3ee64542caf51e844ab8ab30a7
46bf6b3e617cc5071b622620f70e54801a5333151f5c1feb3608e6616f9aa9f1
46ce05d42c0ace6157a2a88e54fee3c5de0527ba259f3964c650f4c0b8114e9c
46e864b0635ccd6fa95713db12756bc277f1f752dfa0b5d846a1f6c050334e3b
4a4ec7f60674089e5e12a8687cacd6350ddb55afde1467473dcf040eb77b237c
4f4d7324dacf6c67610831575018bec9b587949e7a879b124ffd7d6e30cf5edd
51999932ea5c6703232e232988f7330051066e77797f9b9ce809667ef4d70342
5584fe2257cfa5c4adb5512df868b82272393a03b87f977730f8084b5c393e2c
5b799ccd31a3b42e7cef954f06f3eafb1072334f722874573dd1b9bfbc21a160
5d9306f5f844bdca438a99633a6ab1e553e33635d363c533897ceb536698d9e7
62c132202985bafb7871640c8e3e686baef752615aa7a5d7d8e855b3170d7860
633f9991eab769db4706b9e33dfb63a5ccb336271371493653ec1be2a29ed7a9
6ac56411cfcf674281828df96b51490734f0162f5ad70fe86f7c4561ec017edf
6c059abac5c683fe35dfd4a055e7e285eae8047dca3b771ce565316db2fadc12
6dca5ff62a7dbef057083c6f43d725f826c63a32197b6122fb6e015402fca77d
700e5cceb6acafc0f712b5518697cf267aa143302657c05c0be71548aeb8dfad
724be3f7bc4ed3c63fc7680e963cc7c365190de82c1e00556d2ed89b35704c5c
7438e5ec695df692c4e3688d2dedfc77fd5940717996f96b2a76090ab3fd30dc
74a7a53097f5335e794968f4f7c27d089701fd635c8698c5f5fda7f30356cacb
74ed3da3c8d46f93e88789d8a9b07ed31e3033ad9b86a21f6c4c93958e235b78
796124f8b99c13c9beb3168b903c8511ed3e3e4c8cd1f1b79329dd62e1a964d1
79f89ebff0d1886fa7102a0a8a1192910c87d7ed436e7daa612eef9eb75b1932
7bb74e705e07e7b217429fa32c5b8cc4abf359110cb3082e5db73e5af105e25b
8086f37b2fef5219c0b43c66e419e6e1825aabd68be129ed32a07ed15a5a594b
80da003d8010021f3babdeafc674e173263d44a224d742b2499ea57e5ef09b19
844fa214daa5de5146be26f2dd6b9d826ea70c742fd55d8f0dee3e4b4a92973a
86927cafa657ae14a28bdca63befb837251fc4ce67683aa19fdccf4d1bfeef3b
8746be007a504a31a049853ffde3017ea0e55c666a0395eda49f9a6b81bbcab7
88cefb63e5cc4eae461256d5effe49cf1203303f39a3690e452692ec3e03475d
8bbb9cea022d13e6474dd717ce4487deeeff1dabfae475fb2ecdb696239d4c89
8c89815d2455181e61728f79dd1cb15013212119c617f55ad57ecfd271b16109
8d5865f67a25e1a395c3acff873f8a053bf8e1ee45028fce3de94348d92c8705
8daf0e512d5b7c8d6a0955c14936d9aa288471da4d7cabbff520ac251b97cb51
92c83c47df93cddd85943d22351e61d3cf969bbe15df1b9c10ca2be26d362d86
96ec6a7dd6ee10a3e14f53801dd7140646fc4f0384d8c3cd51bf6eaa6917eed4
979cf8e7aebcef80e442eb448aeca22cd0c199f0107cef9e19fc7c75e5fdae8b
9b8d845a3296010c1c63682b0ad2201f3b7103732cefb5ed3197fa95bea84ed8
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7
a1670e95449d401ce6259e0ff78d978284b5c2ef978570a0df4dcdb810620e7d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a217d4782d409d6a264908367f91ebed4ccd62d8e7a645b68eda7c09e4ab49c9
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057
a327d330498b9198b61c33f43fb706f9e60f7da72116c2322f45cb41c2032579
a37350ea84b29b4a3e1937538ba4f316ff514e7226489f80dbdceba6f73ef536
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1
ad80a3f6b1b1b869088b872381b3179a21dccc4e465ec0a00c92824f6462c258
ae0400d6155fbbd61c93d4f5546e8a2e6c96f6aed576f5728f8500e8e9f6f816
b128f300d0c17499e75251b4f35ff57185f26b27b4f83709fc17c15412b932f3
b432b7ab78b80c49e0893b5e1fb1c59a4a3341553f9617b628b34efcab3cff4c
b49ed5da77ae443d672a48773280af079ff68efdc9ab83ba97e576587bce4625
b76a5e8ca4f9a0e58f9eb8b3c80c47dd7cf499386bfd8078f4e842b712324a6f
b99bca84b3ea6868c9b60f850196d3dc0fbfec09f19807cc0df0e1ce7e7bff1f
bc25addd219ee127babf8f983627baefcceb59f88331ca84d393b9fc619c5e7e
bdbca9ebb7897ae1c6c7a28be71388b2cd67d66cbacb176ed3808310e93c9ed8
bdd308f8bf48fd7673784e966b0b7188e228bf69edabdaaa7a74670cf684dfdf
bef4a1a768c5ca55179d9e95790a800ecb0d2591e3c08ca626ea5bfc97f729be
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c2be139b6050da9378be40d66b19404cbb665e6f1af561da0acbd4953e21a1d2
c6bdf99912aec10086b76d16e7c268a907a1003dead535b6df24feaade8c68a2
cb04d2be14960e9c632c828231484563e0ada2c15f8b43ab903328849be6ed61
cc20afc35842277ea302ac2b748d8017851d15488f69c7215dfd8aa8cdfba801
cc5cab063183f0ea52ac3cae7d7df192d2e38df2708495cdad2f5bde6b8e8963
cf6dba6a0e981046bf556ab96231583791e3e7358060a9d54dfabd66ba9ead50
d599d9a26e991e7669751ad91fca74c6db6c17210005c9e65a2504b86f402b0e
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
e0c58646f6d51cae4b6a321a4cda8506061527ec8ed23b7bd6ecf3467e99a0e4
e2205ded16b7420a1d0a1a7e627db7d487fa36f8a77e13acd186f75049c4cc96
e349f08ef2bbd0b0cbf65b912d0d1a9a6409253b7ab8e979473e0c3ce5deea07
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b61a0d1104a1e7143331130d523d2818cd93b466fbafd28034250ad09f7522
e5e35fc8bfa93524820225bb7c6aef150b37341ac1fb064744aaf3313e13de78
e653cd8630de5a2d4b45c67cb919d524c3bba8c110730675001b6cdd3e2425c0
e71b698c8d623cc25ccbfb1233c62d384a89ffbaddd4ace33e96a489b8addb6a
e766fb359568beeb057cad763aad94c203879805aa2ef226fa22718e2bda9d07
e9d002f95e3eed117de92953f76a68dc1b6e0026c1fd23482f9ae2ddee80f190
ebd2c53dc1e1739c079620657c5ac09d27d9772bb325b972d1db0f354774fb19
ec7662f145b14d83d447479c11e54008c6b3018bac093b4ac2f2d3388560f215
eec5b615214dd209e183d3257fa2d138b66c701a43bc036f2198e88e86583681
efb6f8479192826d16401c81a6d66e06b75793cf696d4cd917084715316a4df8
f36589c9357911ed6452b13ce02f69d07536e72775dcbe18af3ceef2abfe492d
f63e965aba1ae9858d79ea3319493a85f248e7a72e73a4d147fd33c21fe0d0ed
f7c24dba7a46112b0f5d36478b8329b6cb76304b48a1b8395b2c4b32b838ac1f
fa719abef912812a769034b4c3b073e4f81647d132028b610f7ee1b47e617933