urlscan.io logo urlscan.io
SecurityTrails logo

emesa.mopinion.com Open in urlscan Pro
2a05:d018:f65:f801:5331:cde1:dd22:6415  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://thankyou.qualifioapp.com/t/DAAEAAAAAAAAABIIflCnUnYhWmDknmZhZnfebkUY7QA=?https://emesa.mopinion.com/survey/public/take-sur...
Effective URL: https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Submission: On August 11 via api from BE — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 4 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2a05:d018:f65:f801:5331:cde1:dd22:6415, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is emesa.mopinion.com.
TLS certificate: Issued by RapidSSL TLS ECC CA G1 on July 24th 2023. Valid for: a year.
This is the only time emesa.mopinion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 178.33.132.141 16276 (OVH)
1 4 2a05:d018:f65... 16509 (AMAZON-02)
2 2600:9000:223... 16509 (AMAZON-02)
2 2a05:d018:f65... 16509 (AMAZON-02)
3 161.35.244.235 14061 (DIGITALOC...)
10 4
1    178.33.132.141 (France)

ASN16276 (OVH, FR)
PTR: mail.thankyou.qualifioapp.com
thankyou.qualifioapp.com
4    2a05:d018:f65:f801:5331:cde1:dd22:6415 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
emesa.mopinion.com
2    2600:9000:223d:5c00:0:c708:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)
cacheorcheck.mopinion.com
2    2a05:d018:f65:f802:d2c:4250:587b:c589 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
survey.mopinion.com
3    161.35.244.235 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
fonts.mopinion.com
gstatic.mopinion.com
Apex Domain
Subdomains		 Transfer
11 mopinion.com
emesa.mopinion.com
cacheorcheck.mopinion.com — Cisco Umbrella Rank: 41554
survey.mopinion.com
fonts.mopinion.com — Cisco Umbrella Rank: 66520
gstatic.mopinion.com
157 KB
1 qualifioapp.com
thankyou.qualifioapp.com
199 B
10 2
Domain Requested by
4 emesa.mopinion.com 1 redirects emesa.mopinion.com
2 gstatic.mopinion.com fonts.mopinion.com
2 survey.mopinion.com emesa.mopinion.com
2 cacheorcheck.mopinion.com emesa.mopinion.com
1 fonts.mopinion.com emesa.mopinion.com
1 thankyou.qualifioapp.com 1 redirects
10 6

This site contains links to these domains. Also see Links.

Domain
mopinion.com
Subject Issuer Validity Valid
*.mopinion.com
RapidSSL TLS ECC CA G1		 2023-07-24 -
2024-08-18		 a year crt.sh

This page contains 1 frames:

Primary Page: https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Frame ID: F9A5C027E30AFBBD32A30BCC598A4DC2
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Feedback form by Mopinion

Page URL History Show full URLs

  1. https://thankyou.qualifioapp.com/t/DAAEAAAAAAAAABIIflCnUnYhWmDknmZhZnfebkUY7QA=?https://emesa.mopinion.com/su... HTTP 302
    https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55?thumbs=po... HTTP 302
    https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55 Page URL

Page Statistics

10
Requests

100 %
HTTPS

60 %
IPv6

2
Domains

6
Subdomains

4
IPs

4
Countries

154 kB
Transfer

529 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://thankyou.qualifioapp.com/t/DAAEAAAAAAAAABIIflCnUnYhWmDknmZhZnfebkUY7QA=?https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55?thumbs=positive HTTP 302
    https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55?thumbs=positive HTTP 302
    https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 8cd8bb53b49853e6e50ae1b59082e2695efbdf55
emesa.mopinion.com/survey/public/take-survey/
Redirect Chain
  • https://thankyou.qualifioapp.com/t/DAAEAAAAAAAAABIIflCnUnYhWmDknmZhZnfebkUY7QA=?https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55?thumbs=positive
  • https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55?thumbs=positive
  • https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a05:d018:f65:f801:5331:cde1:dd22:6415 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
bf144261c87d603a8a10bab471dfe8e3e3ee0e1b8b87d9df89c989eeefce2d78
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
content-type
text/html; charset=UTF-8
date
Fri, 11 Aug 2023 04:20:18 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
content-type
text/html; charset=UTF-8
date
Fri, 11 Aug 2023 04:20:18 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
pragma
no-cache
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
take_survey.css
emesa.mopinion.com/assets/css/ 		9 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://emesa.mopinion.com/assets/css/take_survey.css?v=1.5
Requested by
Host: emesa.mopinion.com
URL: https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a05:d018:f65:f801:5331:cde1:dd22:6415 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ce3af9146c303535260d8f2d8ed4dc061438f38b11720280171d11d9fa42c6cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
date
Fri, 11 Aug 2023 04:20:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 17 Jun 2020 09:03:25 GMT
server
nginx
etag
W/"5ee9dc5d-2368"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
expires
Fri, 18 Aug 2023 04:20:18 GMT
survey.min.js
emesa.mopinion.com/assets/surveys/2.0/js/ 		266 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://emesa.mopinion.com/assets/surveys/2.0/js/survey.min.js
Requested by
Host: emesa.mopinion.com
URL: https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a05:d018:f65:f801:5331:cde1:dd22:6415 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a61ec66b389600a899aca6d5eae3de6d03f4a961ef123e5ad74e087616931651
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://emesa.mopinion.com/survey/public/take-survey/8cd8bb53b49853e6e50ae1b59082e2695efbdf55
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
date
Fri, 11 Aug 2023 04:20:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 10 Aug 2023 14:08:05 GMT
server
nginx
etag
W/"64d4ef45-427ff"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
expires
Fri, 18 Aug 2023 04:20:18 GMT
json-config
cacheorcheck.mopinion.com/survey/public/ 		199 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cacheorcheck.mopinion.com/survey/public/json-config?key=8cd8bb53b49853e6e50ae1b59082e2695efbdf55&domain=emesa.mopinion.com&withBase=true
Requested by
Host: emesa.mopinion.com
URL: https://emesa.mopinion.com/assets/surveys/2.0/js/survey.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:5c00:0:c708:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx / Mopinion.com
Resource Hash
766ff476719fe98f1e575183e3b1e5ae234655f635e022a701fd792d2a18ffeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 16:50:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 474733f16f494ddb794b4f7dfd7de966.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-powered-by
Mopinion.com
age
41407
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 10 Aug 2023 10:04:55 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
X-Api-Version, X-Request-Id, X-Response-Time
cache-control
public, max-age=86400
vary
Accept-Encoding
access-control-allow-headers
Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Last-Modified,X-Frame-Options,Strict-Transport-Security,X-Content-Type-Options,X-XSS-Protection,Server,Origin,Accept,Accept-Version,Content-Length,Content-MD5,Content-Type,Date,X-Api-Version,X-Response-Time,X-PINGOTHER,X-CSRF-Token,Authorization
x-amz-cf-id
jmEGFfhrI-v6p3DVF5GaeGEGrq_XqgS6ydfQWHAjdWM95aTkfQ0b-w==
image
cacheorcheck.mopinion.com/survey/public/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cacheorcheck.mopinion.com/survey/public/image?file=https://s3-eu-west-1.amazonaws.com/efm/logo/_upload_ZRtcBL64tY3u.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:5c00:0:c708:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx / Mopinion.com
Resource Hash
2e6f4d378b56af1dcb401a82365fe03237725f8f2de05e596cfde4ade4e4d075
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 14:00:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 e94c77a12a65a84cbcef7856ed7e0fb8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
51610
x-powered-by
Mopinion.com
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 10 Aug 2023 10:04:58 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-Api-Version, X-Request-Id, X-Response-Time
cache-control
public, max-age=86400
access-control-allow-headers
Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Last-Modified,X-Frame-Options,Strict-Transport-Security,X-Content-Type-Options,X-XSS-Protection,Server,Origin,Accept,Accept-Version,Content-Length,Content-MD5,Content-Type,Date,X-Api-Version,X-Response-Time,X-PINGOTHER,X-CSRF-Token,Authorization
x-amz-cf-id
VQdrVB3Uad2AzowF2YR-0dKYPSlfS_qsmrdCemoPIP0SnyJybwjNRA==
data
survey.mopinion.com/api/1/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://survey.mopinion.com/api/1/data
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a05:d018:f65:f802:d2c:4250:587b:c589 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://emesa.mopinion.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
access-control-allow-origin
*
allow
POST, OPTIONS
content-length
0
content-type
text/html; charset=utf-8
date
Fri, 11 Aug 2023 04:20:19 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
1; mode=block
data
survey.mopinion.com/api/1/ 		90 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://survey.mopinion.com/api/1/data
Requested by
Host: emesa.mopinion.com
URL: https://emesa.mopinion.com/assets/surveys/2.0/js/survey.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a05:d018:f65:f802:d2c:4250:587b:c589 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2050a3771da4812cab56ac73032789a01bef070ad0b9aae663fbbab64b68b6ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 11 Aug 2023 04:20:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
x-xss-protection
1; mode=block
css
fonts.mopinion.com/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.mopinion.com/css?family=Nunito|Nunito+Sans|Open+Sans
Requested by
Host: emesa.mopinion.com
URL: https://emesa.mopinion.com/assets/surveys/2.0/js/survey.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.244.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
acf8f2314a3655f039771f2184f9296ba4e686be29328b7a0341ed986eddf57e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 11 Aug 2023 04:20:19 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
transfer-encoding
chunked
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 11 Aug 2023 04:20:19 GMT
server
nginx
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 10 Aug 2024 04:20:19 GMT
pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4G1ilXs1Ul.woff2
gstatic.mopinion.com/s/nunitosans/v15/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gstatic.mopinion.com/s/nunitosans/v15/pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4G1ilXs1Ul.woff2
Requested by
Host: fonts.mopinion.com
URL: https://fonts.mopinion.com/css?family=Nunito|Nunito+Sans|Open+Sans
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.244.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
38a3a7b587a96ccb845942e710e2f7063a11406ecd054e98772160e2e49a77ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.mopinion.com/
Origin
https://emesa.mopinion.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 11 Aug 2023 04:20:19 GMT
x-content-type-options
nosniff
age
524400
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13860
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:20:32 GMT
server
nginx
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 Aug 2024 04:20:19 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
gstatic.mopinion.com/s/opensans/v35/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gstatic.mopinion.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.mopinion.com
URL: https://fonts.mopinion.com/css?family=Nunito|Nunito+Sans|Open+Sans
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.244.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.mopinion.com/
Origin
https://emesa.mopinion.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 11 Aug 2023 04:20:19 GMT
x-content-type-options
nosniff
age
571109
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18664
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:19:23 GMT
server
nginx
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 Aug 2024 04:20:19 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| srv object| mopinionSurvey object| loadParams

5 Cookies

Domain/Path Name / Value
emesa.mopinion.com/survey/public/take-survey Name: 8cd8bb53b49853e6e50ae1b59082e2695efbdf55
Value: %3Fthumbs%3Dpositive
emesa.mopinion.com/ Name: SESS_ID
Value: 4d5ad4198c7c648fddfd337ad20a6a95
emesa.mopinion.com/ Name: PHPSESSID
Value: 7b00dd6ad68326799a238bdf6def4e0f
emesa.mopinion.com/ Name: AWSALB
Value: A2U5NK068l5N0V4yC4PRxwNqt1oEVmMb2rgDIcVjtb5NCfjSapuDGjWkxvZgiqUEMWd6CrgcOpUPCKurDZ2NkoxfpLY6vcaQQnGuAkqtktZRTY7y1E2YW8OtZ70j
emesa.mopinion.com/ Name: AWSALBCORS
Value: A2U5NK068l5N0V4yC4PRxwNqt1oEVmMb2rgDIcVjtb5NCfjSapuDGjWkxvZgiqUEMWd6CrgcOpUPCKurDZ2NkoxfpLY6vcaQQnGuAkqtktZRTY7y1E2YW8OtZ70j

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src *; worker-src blob:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block