Submitted URL: http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DH...
Effective URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DH...
Submission: On February 21 via api from IE — Scanned from DE

Summary

This website contacted 14 IPs in 2 countries across 9 domains to perform 44 HTTP transactions. The main IP is 52.203.10.41, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.vanta.com. The Cisco Umbrella rank of the primary domain is 346603.
TLS certificate: Issued by Amazon RSA 2048 M01 on March 25th 2023. Valid for: a year.
This is the only time app.vanta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
16 vanta.com
app.vanta.com — Cisco Umbrella Rank: 346603
static.vanta.com — Cisco Umbrella Rank: 640984
7 MB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1356
q.stripe.com
m.stripe.com
152 KB
4 auryc.com
client-api.auryc.com — Cisco Umbrella Rank: 9901
1 KB
4 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 1016
heapanalytics.com
229 KB
4 gstatic.com
fonts.gstatic.com
138 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1444
16 KB
2 browser-intake-datadoghq.com
rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 2446
688 B
1 trychameleon.com
fast.trychameleon.com — Cisco Umbrella Rank: 17453
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48
1 KB
44 9
Domain Requested by
12 static.vanta.com app.vanta.com
static.vanta.com
4 client-api.auryc.com static.vanta.com
4 fonts.gstatic.com app.vanta.com
fonts.googleapis.com
4 app.vanta.com 1 redirects static.vanta.com
3 q.stripe.com app.vanta.com
3 js.stripe.com static.vanta.com
js.stripe.com
3 cdn.heapanalytics.com app.vanta.com
cdn.heapanalytics.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 rum.browser-intake-datadoghq.com static.vanta.com
1 m.stripe.com m.stripe.network
1 heapanalytics.com
1 fast.trychameleon.com static.vanta.com
1 fonts.googleapis.com app.vanta.com
44 13

This site contains links to these domains. Also see Links.

Domain
www.vanta.com
Subject Issuer Validity Valid
vanta.com
Amazon RSA 2048 M01
2023-03-25 -
2024-04-22
a year crt.sh
static.vanta.com
E1
2024-01-11 -
2024-04-10
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
cdn.heapanalytics.com
Amazon RSA 2048 M01
2023-06-29 -
2024-07-27
a year crt.sh
fast.trychameleon.com
R3
2024-01-19 -
2024-04-18
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-02-07 -
2024-05-09
3 months crt.sh
*.browser-intake-datadoghq.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-06-17 -
2024-06-18
a year crt.sh
*.auryc.com
R3
2024-01-24 -
2024-04-23
3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-12-20 -
2024-03-21
3 months crt.sh
heapanalytics.com
Amazon RSA 2048 M02
2023-11-09 -
2024-12-08
a year crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1
2023-12-22 -
2024-03-21
3 months crt.sh

This page contains 3 frames:

Primary Page: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Frame ID: F9F61E910DEFAFD7D51488BDE2A5E6DF
Requests: 34 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 7DD1840EEAEBC99E681DA5F6C4CE4378
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 3AEE04753AB956FD7BE21B3F70E0236A
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Vanta

Page URL History Show full URLs

  1. http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... HTTP 301
    https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Page Statistics

44
Requests

91 %
HTTPS

36 %
IPv6

9
Domains

13
Subdomains

14
IPs

2
Countries

8208 kB
Transfer

34224 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational HTTP 301
    https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/
Redirect Chain
  • http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType...
  • https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskTyp...
1 KB
2 KB
Document
General
Full URL
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-10-41.compute-1.amazonaws.com
Software
cloudflare /
Resource Hash
2deb95ef88cf7806b256a593b9d984b3f6015f9e3d3623da948a499e570be835
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
85909926cb1b0846-IAD
content-encoding
br
content-length
496
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
content-type
text/html; charset=utf-8
date
Wed, 21 Feb 2024 17:09:39 GMT
etag
W/"7295d0ae83c5a747c48ca22dac003e24"
expect-ct
max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9dN384ASVR2qg8Gnd4a%2Bn02Lyuf4h%2F%2BHgZw4OOxLHx0rJ4u9NvNAneCFUQMiO%2FSlks6Pgs7BjZ0%2Ffp%2Fr8peY1PSD91ahEhMr%2BQ7zTqBviNiF8ohWewL8utf%2FwLAtp5GKog7"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000
uuid
ff0384e0-d0db-11ee-b1d2-d1778df70cf3
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-robots-tag
noindex
x-xss-protection
0

Redirect headers

Connection
keep-alive
Content-Length
134
Content-Type
text/html
Date
Wed, 21 Feb 2024 17:09:38 GMT
Location
https://app.vanta.com:443/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Server
awselb/2.0
index.ef32215b.css
static.vanta.com/static/
44 KB
11 KB
Stylesheet
General
Full URL
https://static.vanta.com/static/index.ef32215b.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
810ec34dabbebed972e1a0a93eb83928d505aeb41e4ab8a8205ae0a18616368e
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3ef9496dca9e65924b7c5698e274ca74"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdAGug5oNYF0PIhW49uo%2FQYklJhEcVyt%2FjvHn%2B2cn2Ew2vsLGrEE4Vae7p1DggJqH5Ck%2BV0fTEPoVneptROh7IFYKh3SHAeDJ6It6MkXeud2z8vhPR1swF4huBY5Jx6JKLICjsvoa2dowGrxTE%2BU"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
859099285e416644-AMS
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v12/
37 KB
37 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.vanta.com/
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:48:48 GMT
x-content-type-options
nosniff
age
33651
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37780
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 07:48:48 GMT
L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
fonts.gstatic.com/s/domine/v19/
27 KB
27 KB
Font
General
Full URL
https://fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331215b2d754c35f93a1868c74124b059095b34b1b49625c9bf149a0e8a19518
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.vanta.com/
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 23:46:04 GMT
x-content-type-options
nosniff
age
62615
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27612
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 19:06:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Feb 2025 23:46:04 GMT
css2
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b2c69d708a8abc8a503d23d344b9eeab2159d0a609d60620a7f6c58212f5b8e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 21 Feb 2024 17:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 21 Feb 2024 17:09:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 21 Feb 2024 17:09:39 GMT
index.679bda3d.css
static.vanta.com/static/
478 KB
82 KB
Stylesheet
General
Full URL
https://static.vanta.com/static/index.679bda3d.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bfba3c3fd364f0ddfaa9ace74f3fa25df63ac491e541b8e342195d51a52afd4
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"0cb873f58d8a3509f6cfa8daea508ccc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=robg7iP%2BYIk5cRElK51WlcqZLPQrdRWV9xulYKfXE8sAtKWfCP91az9ZRXMXEF4r%2FyR%2BFDl58Jdnho3Lippj5yvHN%2B9wRR0LKaM8o2%2BGqnb%2FOPIeHZQFQg%2B%2BedsLsjOg39Z4Qv59l2C%2FMt8L0t7M"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
859099284e3b6644-AMS
index.fd190e71.css
static.vanta.com/static/
566 B
648 B
Stylesheet
General
Full URL
https://static.vanta.com/static/index.fd190e71.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"c78a3167656670f91dc7e03525ef6920"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9JRmvDwb1MQt%2BNQvHIo5vihzlRMG%2FCoprDeORsbgyjkmJ8gFVrEkmj78O4r94jUMMr7sNE6ImtP7KaBCixpCGjM8STGAeczX5l64aqNR41OgBAvu8L%2BNKpU%2BZIJ48%2BxG7eIPjMQ8aDXguO6GMU6"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
859099284e3e6644-AMS
index.04727e09.css
static.vanta.com/static/
574 B
668 B
Stylesheet
General
Full URL
https://static.vanta.com/static/index.04727e09.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"595ce78ec4af2ff37e22c6bf1a059ff7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsaGk9rXKEUEjCHtKmfRt4xARrnrtoQs8y2dxM0w8KW073EHUAUEjf4N0KArpkURNjtYg%2BYFpZEUcm9vKJPiLN0hmO8%2FtcOKTHnki%2FXMZimARUY3yAkxSm%2FWGUWBN1gbmxOMB%2BvWmjFVoTmhfYx7"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
859099285e436644-AMS
entry.js
static.vanta.com/static/
600 B
583 B
Script
General
Full URL
https://static.vanta.com/static/entry.js
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
789066657a624ce038d2023f0cf18b10ea28981632fd3e72e6ec69fbd613d90b
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"2ddb57804f772378ad574d41479472c4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SC8tNw2uNUsB7OYTaecWD6TXbAJM5jQtUUL1zz7EFCEiadjQUP4Q3zyKwCJ9%2BRyqNJ4huldVmJwZXymioWfPz2Y45hmgCKSJXMyFql72q8tmD8rYY1FOonc3TOQFs%2F6zHvj0%2Ba2bs%2FIZGd3mEpO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
85909929284a6644-AMS
index.2cc4f499.js
static.vanta.com/static/
16 MB
3 MB
Script
General
Full URL
https://static.vanta.com/static/index.2cc4f499.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5a92c88316ca463ea150865cfc8dc17929e4aa6ec7ba786e300cf27e8aae69
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"7e7503ef77b023e134fe639adee92f30"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jn6HrUyoY%2BOLoKqr%2FOk0hYV5pfnzmqEA0awbk6HJUrilQbDzqumReDbSdQLukB87%2FkEP21prMWaem6kEqWXt21nNopAjqB90MuSWlfi04VEBNYBdwJ%2B08uCbBvcN0AZig%2F%2F8KNAdwnmXf%2FhgORC3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
85909929993c6644-AMS
index.runtime.1320a9f6.js
static.vanta.com/static/
4 KB
4 KB
Script
General
Full URL
https://static.vanta.com/static/index.runtime.1320a9f6.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2abd13aeaa208c5820eedbbf03d2eec6c6702a69255cb1f0809eb358455c710
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"26454de25b56f7d65e2ed5ff786c8296"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHwGowdCh%2BggS2bCxu4BglXD6lI2vKfrrNEoGpbFYzy%2FMNGNg2PHfUdF9ZMW%2FT1b6ockUYUpkdQlKvO%2B%2BT5bpjZkXTol%2Fbvoo%2Fmx76GdcG9IUxY7PcWceLOu7%2FrLmp781cdpw8wWkwwlu%2FbigxTk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8590992999426644-AMS
index.runtime.5cdcfecc.js
static.vanta.com/static/
31 KB
10 KB
Script
General
Full URL
https://static.vanta.com/static/index.runtime.5cdcfecc.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ece27120b58c0646ec50fd3b78f13d0bb73e7f3cbac1fbcb9d04bb2584454533
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"e4cf59026960f0e01da9c37d08a72da7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FaSA8tHdHgZz%2BZc7XTDJ7ShI0YEBhXgGoQEaEXOFIxnd5APO0Y%2BWz%2BAX2VWbARYAgLIxK2zHCZqixe86YMfziNNn4yxAnw50Gt7%2BWRIRi312sfrilYDv3SZF717CruyQQ4sslkLo1PPtz3bKt%2Fpc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8590992999466644-AMS
index.66c781cc.js
static.vanta.com/static/
14 MB
3 MB
Script
General
Full URL
https://static.vanta.com/static/index.66c781cc.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13e3921dc321693454c42f7c27b102136ea2d5264b8d6294b47f801cc72cb69
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:39 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"6931c26451cabdd1a5be87979bf79d02"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEu%2Fh%2Be%2BzhKGlM4YFoWXKY%2F%2F1rxXlgwhwUtC3lU60kiA79EWAOvQQKSxLB4BHGIAnjRYHALYrIYa%2B6e6OlUcHk%2BLRKK%2BAeKcz8h60f3vF2ACtfxBQkEvyIQ1J9Ax0fOcrMLgIXSixelbLRWtiovX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8590992999496644-AMS
heap-948124972.js
cdn.heapanalytics.com/js/
119 KB
38 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-948124972.js
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-5.fra56.r.cloudfront.net
Software
nginx / Express
Resource Hash
c65c5cc8c4671fa42f3d76452be2f573e438aff75ae43eddc9924cb7ee64f9a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:08:14 GMT
content-encoding
br
via
1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
FRA56-C2
age
86
x-powered-by
Express
etag
W/"1da84-3KFjoFIMnEpnyeIFs0m3cnwGaRo"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
ZVC_vyCJ_VTExamQaaS5A8Iiza85F3e6E7oePsipPHcdhv7wsljhHA==
messo.min.js
fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/
4 KB
2 KB
Script
General
Full URL
https://fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/messo.min.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:41 GMT
content-encoding
br
via
1.1 chameleon.io (Hyoid)
strict-transport-security
max-age=31557600
last-modified
Fri, 22 Sep 2023 21:19:38 GMT
etag
"d712cb51ddca79bec27267c5dda35ad1"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, no-cache
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1476
v3
js.stripe.com/
600 KB
147 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-49.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
fd14ad513302b20c3cfc56ddf50e0cbb6c7b37e90929c09cdc0983215e8d305f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:14 GMT
content-encoding
br
via
1.1 c7e33a86531bfe239a9c43428fc5c122.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
37
x-amz-cf-pop
MUC50-P2
x-cache
Hit from cloudfront
last-modified
Tue, 20 Feb 2024 22:05:19 GMT
server
Cloudfront
etag
W/"9faf3c098157e1e5f44858d831bb11ed"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
E92RyF-XR3skYEBd0BlQsIMOYFgh3Gp2PhcWrRejzTQj79H_4VGWvw==
470f9c29-ec9e-47ea-80ad-94ec8b37abc2
https://app.vanta.com/
78 B
0
Other
General
Full URL
blob:https://app.vanta.com/470f9c29-ec9e-47ea-80ad-94ec8b37abc2
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length
78
Content-Type
application/javascript
8cc34014-770a-4ab9-ac83-c21d0d71dcc9
https://app.vanta.com/
25 KB
0
Other
General
Full URL
blob:https://app.vanta.com/8cc34014-770a-4ab9-ac83-c21d0d71dcc9
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length
25814
Content-Type
graphql
app.vanta.com/
25 B
495 B
Fetch
General
Full URL
https://app.vanta.com/graphql?operation=userContext
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-10-41.compute-1.amazonaws.com
Software
/
Resource Hash
c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

apollographql-client-name
web-client
x-csrf-token
this_csrf_header_is_constant
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
accept
*/*
Referer
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
apollographql-client-version
39220e
x-datadog-parent-id
3346976979140827872
x-datadog-trace-id
8841208954493407699
graphql-schema-version
39220e

Response headers

date
Wed, 21 Feb 2024 17:09:41 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
uuid
00991900-d0dc-11ee-9925-89312916e669
content-length
25
x-xss-protection
0
referrer-policy
same-origin
etag
W/"19-AWcZ0/oWRZgbXds9xsp8WpnG9lI"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.vanta.com
x-download-options
noopen
access-control-allow-credentials
true
x-robots-tag
noindex
rum
rum.browser-intake-datadoghq.com/api/v2/
53 B
344 B
Fetch
General
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Af018081a5d16d6afcef00fd9e0a1dac45a187f92&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=f25eec9e-fa65-44f8-944b-07e43065fdf6&batch_time=1708535381780
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:3169:462d:2c37:b982 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
62a8861c690530c4839336e3adeca2f4c657b9be080566a900f4b46982e347a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.vanta.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
f25eec9e-fa65-44f8-944b-07e43065fdf6
fa-regular-400.a2c46ca3.woff2
static.vanta.com/static/
388 KB
390 KB
Font
General
Full URL
https://static.vanta.com/static/fa-regular-400.a2c46ca3.woff2
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.04727e09.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Referer
https://static.vanta.com/static/index.04727e09.css
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:41 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
397196
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"360b3ff42fc66112960a975a4ed00125"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TJGZBstN7o8L6Rja0khIEt5UDBiXW25NdLrhM6oM2KBA1khsq7v0HZqSFL%2Fxskh35BGwmZ18GFdfeuf2cJOcTvNUEDNHmYWRCoWSnACYdGreX6EWFUOOUtsVnn8e6X9bLnC0vF3%2BEn00p8KtAVOe"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
85909938ae2f66a6-AMS
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:31:43 GMT
x-content-type-options
nosniff
age
34678
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 07:31:43 GMT
container.js
cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/
9 KB
5 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Requested by
Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-948124972.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-5.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
D_480R1RW1qeCSUaWI.7kASZs_uYmMEg
content-encoding
gzip
via
1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
date
Wed, 21 Feb 2024 10:43:14 GMT
x-amz-cf-pop
FRA56-C2
age
30894
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4577
last-modified
Wed, 06 Dec 2023 01:28:26 GMT
server
AmazonS3
etag
"a816523d8c1a522488e9c713f4bf003b"
content-type
application/javascript
cache-control
public,max-age=86400
accept-ranges
bytes
x-amz-cf-id
87_hnFVkro5yT05-RGyJLrZ6P-IryemZp9plo1uf10LXosHAocAsZg==
graphql
app.vanta.com/
23 B
494 B
Fetch
General
Full URL
https://app.vanta.com/graphql?operation=getUserLogin
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-10-41.compute-1.amazonaws.com
Software
/
Resource Hash
6bbaeca3971834b646b6ac5ef10a82be7f6fccb409950f00d40206db70fe329f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

apollographql-client-name
web-client
x-csrf-token
this_csrf_header_is_constant
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
accept
*/*
Referer
https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DHR%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational
apollographql-client-version
39220e
x-datadog-parent-id
7224522398613855309
x-datadog-trace-id
4651585016531031212
graphql-schema-version
39220e

Response headers

date
Wed, 21 Feb 2024 17:09:41 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
uuid
00bd90f0-d0dc-11ee-8325-fd93464d7c4e
content-length
23
x-xss-protection
0
referrer-policy
same-origin
etag
W/"17-3u7w0oqvZTJFDVUjVePifsLb5k0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.vanta.com
x-download-options
noopen
access-control-allow-credentials
true
x-robots-tag
noindex
releasesettings
client-api.auryc.com/
2 B
160 B
XHR
General
Full URL
https://client-api.auryc.com/releasesettings?lib=Web
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
214.73.66.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-authorized-identity
2792-Main-prod-heap
Referer
https://app.vanta.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
x-authorized-token
b8f4daa15b465e82641d4ee5be8cbc25

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 21 Feb 2024 17:09:41 GMT
server
istio-envoy
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
x-xss-protection
1; mode=block
expires
0
releasesettings
client-api.auryc.com/ Frame
0
0
Preflight
General
Full URL
https://client-api.auryc.com/releasesettings?lib=Web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
214.73.66.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
x-authorized-identity,x-authorized-token
Access-Control-Request-Method
GET
Origin
https://app.vanta.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-authorized-identity, x-authorized-token
access-control-allow-methods
OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 21 Feb 2024 17:09:41 GMT
expires
0
pragma
no-cache
server
istio-envoy
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
DENY
x-xss-protection
1; mode=block
login-bg.e278c91b.png
static.vanta.com/static/
147 KB
149 KB
Image
General
Full URL
https://static.vanta.com/static/login-bg.e278c91b.png
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DHR%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6cf50663ee1130f5bd005ef4569175e096afb8f8ec037abce21a5dcea49e8f
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
150990
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"2c3f5c35f6491fe91af16525ac0776e6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQ1J4mP2NVUAwm%2FpO8sG5FBhAnpoul3ApGaOulg%2FtLG%2FoP2FeTfp9Gsw1MIKwkJLo6uAQW%2FBb6vvrafFxZtRZg5ARqpVZvPHT8fGqMgEbvA6mRSz8%2Ff37tyGwJSNYBpiEtZwmlpxIyUNR7PVRdtK"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
85909939aba1437a-EWR
L0x8DFMnlVwD4h3hu_qn.woff2
fonts.gstatic.com/s/domine/v20/
27 KB
27 KB
Font
General
Full URL
https://fonts.gstatic.com/s/domine/v20/L0x8DFMnlVwD4h3hu_qn.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 03:22:29 GMT
x-content-type-options
nosniff
age
136032
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28060
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:44:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Feb 2025 03:22:29 GMT
fa-solid-900.606c9fa0.woff2
static.vanta.com/static/
318 KB
320 KB
Font
General
Full URL
https://static.vanta.com/static/fa-solid-900.606c9fa0.woff2
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.fd190e71.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Referer
https://static.vanta.com/static/index.fd190e71.css
Origin
https://app.vanta.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
325592
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"fe9f0be7aa9c07747ec8302c87649404"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VD2WAcWZSalqEoBAhLAMPKwBnJ%2FQCzrfG0io%2FOsGlF0SbSD7BQAg3VGwj0lgWuOXshqOT1ca%2BAq24rYFK%2ByaY4PhWJkfFKLrNleGbB%2FPCIgxcAVLUITa8Y8hlR69ibIfCL4%2BaZSILyRqicHke6hE"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
859099396fc666a6-AMS
auryc.lib.js
cdn.heapanalytics.com/js/replay/libs/latest/
695 KB
186 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/replay/libs/latest/auryc.lib.js
Requested by
Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.32.27.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-5.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7453f365efcae51a65348be81f1fa623448c5df91843e1d242915c3dbd202064

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
aitZvcoPD_hHYU9VIsednC_iAFYeXHQg
content-encoding
gzip
via
1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
date
Wed, 21 Feb 2024 07:21:14 GMT
age
35309
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
189887
last-modified
Tue, 13 Feb 2024 17:59:41 GMT
server
AmazonS3
etag
"49a5e68ece9e7831ecfad5e0b2ea3cd0"
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
nWFpHCy-TBgs6TGnTn5-WOwbEGyrtFzQvejDr_Vh-VSrs0hGcOJquA==
siteconfig
client-api.auryc.com/ Frame
0
0
Preflight
General
Full URL
https://client-api.auryc.com/siteconfig?lib=web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
214.73.66.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-authorized-identity,x-authorized-token
Access-Control-Request-Method
GET
Origin
https://app.vanta.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, x-authorized-identity, x-authorized-token
access-control-allow-methods
OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 21 Feb 2024 17:09:42 GMT
expires
0
pragma
no-cache
server
istio-envoy
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
DENY
x-xss-protection
1; mode=block
siteconfig
client-api.auryc.com/
2 KB
1 KB
XHR
General
Full URL
https://client-api.auryc.com/siteconfig?lib=web
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
214.73.66.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
66a4e2b283fdd7f741f768185a427d4358582b27919de28b6eae69adabe2f532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-authorized-identity
2792-Main-prod-heap
Referer
https://app.vanta.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
x-authorized-token
b8f4daa15b465e82641d4ee5be8cbc25
Content-Type
application/json

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 21 Feb 2024 17:09:42 GMT
server
istio-envoy
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
expires
0
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 7DD1
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-49.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.vanta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
879
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 21 Feb 2024 16:55:07 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Wed, 14 Feb 2024 22:10:56 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c7e33a86531bfe239a9c43428fc5c122.cloudfront.net (CloudFront)
x-amz-cf-id
Vt5Z8Zxdj1Ipl6zEHBpj7MSaSvkls2kJXQ28Y2sd6WZDpKEaECje4w==
x-amz-cf-pop
MUC50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 7DD1
526 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-49.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 16:55:07 GMT
via
1.1 c7e33a86531bfe239a9c43428fc5c122.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
879
x-amz-cf-pop
MUC50-P2
x-cache
Hit from cloudfront
content-length
526
last-modified
Wed, 14 Feb 2024 22:10:55 GMT
server
Cloudfront
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
TtRcKTvkbcxD95gV7jl2ss4DPvEdmUbvfQee_VPWr4LmPLyLjHUNLg==
csp-report
q.stripe.com/ Frame 7DD1
0
717 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708535383140844
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1708535383140577
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 7DD1
0
718 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708535383140828
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1708535383140511
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
rum
rum.browser-intake-datadoghq.com/api/v2/
53 B
344 B
Fetch
General
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Af018081a5d16d6afcef00fd9e0a1dac45a187f92&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=bd5137b7-fbd1-47df-b1a6-f42753b342b5&batch_time=1708535382647
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:3169:462d:2c37:b982 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3d7c42563c38950a120b013a30533eab998e7bbf798f4fe58cfdafc08dcce80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.vanta.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
bd5137b7-fbd1-47df-b1a6-f42753b342b5
inner.html
m.stripe.network/ Frame 3AEE
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:c800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 21 Feb 2024 17:09:40 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 f4c3162878591c5abd76f8ee1f873476.cloudfront.net (CloudFront)
x-amz-cf-id
wS-agb7iSP9jkp_TRd4G9-eUNCPHOvz3wS0AmtzdK-SVZuTj0jdmeA==
x-amz-cf-pop
MUC50-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
766b5926-236d-4228-a618-991d7e954c31
https://app.vanta.com/
85 B
0
Other
General
Full URL
blob:https://app.vanta.com/766b5926-236d-4228-a618-991d7e954c31
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length
85
Content-Type
application/javascript
csp-report
q.stripe.com/ Frame 3AEE
0
491 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DHR%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708535383141234
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
0
x-stripe-client-envoy-start-time-us
1708535383140731
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame 3AEE
87 KB
15 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:c800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 17:09:04 GMT
content-encoding
br
via
1.1 f4c3162878591c5abd76f8ee1f873476.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
39
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
MUC50-P1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
_Bq4W97_qBQHb0iOVV04wi9KfP1K-SJPTH__jTkONt03gsQQzbw5Lg==
h
heapanalytics.com/
37 B
261 B
Image
General
Full URL
https://heapanalytics.com/h?a=948124972&u=1002972513661258&v=5444670712086864&s=3200738353716579&b=web&tv=4.0&z=0&h=%2Flogin&q=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdomain-redirect%252F657234bfea18d7882cf36ac6%252F%253Fcontinue%253Dhttps%25253A%25252F%25252Fapp.vanta.com%25252Ftests%25253Ftab%25253DHR%252526status%25253DNEEDS_REMEDIATION%252526status%25253DDUE_SOON%252526status%25253DOVERDUE%252526taskType%25253DTEST%252526utm_campaign%25253DWeeklySummary%252526utm_medium%25253Demail%252526utm_source%25253Doperational&d=app.vanta.com&t=Vanta&ts=1708535381823&sch=1200&scw=1600&st=1708535382818
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.206.130.49 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.vanta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
6
m.stripe.com/ Frame 3AEE
156 B
670 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.111.178 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
a67390cd27f8d64a87ca89a11241a51b796eb1e790938b6f41998ec5fea92d57
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708535383309933
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
5
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1708535383309471
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
598342ad-a2a5-4f2a-8cb4-39ffdfd9bdc5
https://app.vanta.com/
85 B
0
Other
General
Full URL
blob:https://app.vanta.com/598342ad-a2a5-4f2a-8cb4-39ffdfd9bdc5
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length
85
Content-Type
application/javascript

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| s object| scriptSrcs object| scriptIds number| scriptIdx string| scriptUrl object| scriptId function| parcelRequiree1d7 object| regeneratorRuntime object| DD_LOGS object| DD_RUM object| __core-js_shared__ object| core object| vttjs function| WebVTT function| setImmediate function| clearImmediate function| parcelRequire9fc0 object| ChiliPiper boolean| _pdfjsCompatibilityChecked object| heap object| chmln string| __AURYC_JSLIB_PATH__ object| aurycReadyCb object| auryc object| aurycEventPropertiesCb object| webpackChunkStripeJSouter function| noop function| Stripe boolean| aurycInit number| aurycLoadedTime object| aurycJsLibConfig function| launchAurycEventMarker object| aurycBehaviorAPI object| aurycRecordAPI object| aurycFeedbackAPI

5 Cookies

Domain/Path Name / Value
.vanta.com/ Name: _hp2_id.948124972
Value: %7B%22userId%22%3A%221002972513661258%22%2C%22pageviewId%22%3A%225444670712086864%22%2C%22sessionId%22%3A%223200738353716579%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.vanta.com/ Name: _hp2_ses_props.948124972
Value: %7B%22z%22%3A0%2C%22ts%22%3A1708535381823%2C%22d%22%3A%22app.vanta.com%22%2C%22h%22%3A%22%2Flogin%22%2C%22t%22%3A%22Vanta%22%2C%22q%22%3A%22%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdomain-redirect%252F657234bfea18d7882cf36ac6%252F%253Fcontinue%253Dhttps%25253A%25252F%25252Fapp.vanta.com%25252Ftests%25253Ftab%25253DHR%252526status%25253DNEEDS_REMEDIATION%252526status%25253DDUE_SOON%252526status%25253DOVERDUE%252526taskType%25253DTEST%252526utm_campaign%25253DWeeklySummary%252526utm_medium%25253Demail%252526utm_source%25253Doperational%22%7D
app.vanta.com/ Name: _dd_s
Value: logs=1&id=335a75d5-c516-41ed-a78c-00dedcea4f7f&created=1708535381549&expire=1708536281551&rum=1
.vanta.com/ Name: userty.core.p.b970b0
Value: __2VySWQiOiIzODk3ZGE5MzI2ZWE0NmRlMTExNTRkZWE1MmI2Y2VjOSJ9eyJ1c
.vanta.com/ Name: userty.core.s.b970b0
Value: __SI6MTcwODUzNzE4Mjc0Mywic2lkIjoiNGQ1NjVkZjY1ZGU0ZTg3Nzc2NGRhNThjN2E0M2QwM2EiLCJzdCI6MTcwODUzNTM4Mjc0MywicHYiOjEsInJlYWR5Ijp0cnVlLCJ3cyI6IntcIndcIjoxNjAwLFwiaFwiOjEyMDB9In0=eyJzZ

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
other warning URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DHR%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.vanta.com
cdn.heapanalytics.com
client-api.auryc.com
fast.trychameleon.com
fonts.googleapis.com
fonts.gstatic.com
heapanalytics.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
rum.browser-intake-datadoghq.com
static.vanta.com
108.138.36.49
13.32.27.5
151.101.194.137
2600:1f18:24e6:b900:3169:462d:2c37:b982
2600:9000:225b:c800:19:7d10:bd80:93a1
2a00:1450:4001:829::200a
2a00:1450:4001:830::2003
2a06:98c1:3120::3
34.66.73.214
44.206.130.49
44.240.111.178
52.203.10.41
54.173.8.131
54.186.23.98
0bfba3c3fd364f0ddfaa9ace74f3fa25df63ac491e541b8e342195d51a52afd4
0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7
2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b
2deb95ef88cf7806b256a593b9d984b3f6015f9e3d3623da948a499e570be835
331215b2d754c35f93a1868c74124b059095b34b1b49625c9bf149a0e8a19518
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34
3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d
3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3
4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
62a8861c690530c4839336e3adeca2f4c657b9be080566a900f4b46982e347a6
66a4e2b283fdd7f741f768185a427d4358582b27919de28b6eae69adabe2f532
6bbaeca3971834b646b6ac5ef10a82be7f6fccb409950f00d40206db70fe329f
7453f365efcae51a65348be81f1fa623448c5df91843e1d242915c3dbd202064
789066657a624ce038d2023f0cf18b10ea28981632fd3e72e6ec69fbd613d90b
810ec34dabbebed972e1a0a93eb83928d505aeb41e4ab8a8205ae0a18616368e
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c
9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8
a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410
a67390cd27f8d64a87ca89a11241a51b796eb1e790938b6f41998ec5fea92d57
b2abd13aeaa208c5820eedbbf03d2eec6c6702a69255cb1f0809eb358455c710
b2c69d708a8abc8a503d23d344b9eeab2159d0a609d60620a7f6c58212f5b8e0
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c65c5cc8c4671fa42f3d76452be2f573e438aff75ae43eddc9924cb7ee64f9a1
c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e13e3921dc321693454c42f7c27b102136ea2d5264b8d6294b47f801cc72cb69
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d7c42563c38950a120b013a30533eab998e7bbf798f4fe58cfdafc08dcce80
ece27120b58c0646ec50fd3b78f13d0bb73e7f3cbac1fbcb9d04bb2584454533
ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0
f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7
fb6cf50663ee1130f5bd005ef4569175e096afb8f8ec037abce21a5dcea49e8f
fd14ad513302b20c3cfc56ddf50e0cbb6c7b37e90929c09cdc0983215e8d305f
fd5a92c88316ca463ea150865cfc8dc17929e4aa6ec7ba786e300cf27e8aae69