idp.ecovadis-survey.com Open in urlscan Pro
2620:1ec:bdf::45 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ecovadis-survey.com/app/
Effective URL:
https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%...
Submission: On July 13 via api (July 13th 2023, 5:33:35 pm UTC) from PH — Scanned from DE

Summary HTTP 30 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 30 HTTP transactions. The main IP is 2620:1ec:bdf::45, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is idp.ecovadis-survey.com. The Cisco Umbrella rank of the primary domain is 508794.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 20th 2023. Valid for: a year.

This is the only time idp.ecovadis-survey.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 24	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.250.244.242 34.250.244.242	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:249... 2600:9000:2491:f200:1b:df26:7b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	52.222.169.77 52.222.169.77	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:7400:1f:aa31:7740:93a1	16509 (AMAZON-02) (AMAZON-02)
30	7

24 2620:1ec:bdf::45 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.ecovadis-survey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idp.ecovadis-survey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.250.244.242 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-244-242.eu-west-1.compute.amazonaws.com

dub01.online.tableau.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2491:f200:1b:df26:7b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

embedding.tableauusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.169.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-169-77.cdg52.r.cloudfront.net

static.site24x7rum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:7400:1f:aa31:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	ecovadis-survey.com 1 redirects www.ecovadis-survey.com — Cisco Umbrella Rank: 342997 idp.ecovadis-survey.com — Cisco Umbrella Rank: 508794	6 MB
2	tableau.com dub01.online.tableau.com — Cisco Umbrella Rank: 231754	46 KB
1	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 1108	142 KB
1	site24x7rum.com static.site24x7rum.com — Cisco Umbrella Rank: 22495	409 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	76 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	1 KB
1	tableauusercontent.com embedding.tableauusercontent.com — Cisco Umbrella Rank: 721272	161 KB
30	7

	Domain	Requested by
13	idp.ecovadis-survey.com	1 redirects www.ecovadis-survey.com idp.ecovadis-survey.com
11	www.ecovadis-survey.com	www.ecovadis-survey.com
2	dub01.online.tableau.com	www.ecovadis-survey.com dub01.online.tableau.com
1	cdn.pendo.io	www.ecovadis-survey.com
1	static.site24x7rum.com	www.ecovadis-survey.com
1	www.googletagmanager.com	www.ecovadis-survey.com
1	fonts.googleapis.com	www.ecovadis-survey.com
1	embedding.tableauusercontent.com	www.ecovadis-survey.com
30	8

This site contains links to these domains. Also see Links.

Domain
www.ecovadis-survey.com
support.ecovadis.com

Subject Issuer	Validity	Valid
*.ecovadis-survey.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-20` - `2024-03-22`	a year	crt.sh
dub01.online.tableau.com Amazon RSA 2048 M02	`2023-02-09` - `2023-12-21`	10 months	crt.sh
tableauusercontent.com Amazon RSA 2048 M02	`2023-02-23` - `2023-11-24`	9 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.site24x7rum.com Amazon RSA 2048 M01	`2023-07-01` - `2024-07-29`	a year	crt.sh
cdn.pendo.io Amazon RSA 2048 M02	`2023-06-30` - `2024-07-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB
Frame ID: AC6C7CBD20285087E0C1F1662E6D3A60
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Ecovadis Platform

Page URL History Show full URLs

https://www.ecovadis-survey.com/app/ Page URL
https://idp.ecovadis-survey.com/connect/authorize/callback?client_id=bellucci&redirect_uri=https%3A%2F%2Fwww... HTTP 302
https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbell... Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

6237 kB
Transfer

19530 kB
Size

6
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ecovadis-survey.com/app/#/password-reset?language=en-GB
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://support.ecovadis.com/hc/en-us/articles/115003531211-Legal-Notice-Data-Protection
Title: Legal notice - Data protection

Search URL Search Domain Scan URL

URL: https://support.ecovadis.com/
Title: Need help?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ecovadis-survey.com/app/ Page URL
https://idp.ecovadis-survey.com/connect/authorize/callback?client_id=bellucci&redirect_uri=https%3A%2F%2Fwww.ecovadis-survey.com%2Fapp%2F%23%2Fsso-callback%3F&response_type=id_token%20token&scope=openid%20profile%20actinguserid%20anakinapi%20idpapi%20offline_access&response_mode=fragment&nonce=v0gdcu1jaem&language=en-GB HTTP 302
https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.ecovadis-survey.com/app/ 2 KB
3 KB 157ms
66ms Document
text/html 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

af2b16c4690803ae0f4a422617c583968d9e3d95c0640d39d5e84222d3763839

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-length: 1864
content-md5: K3Zr0Xkhpvnjk3DuVnCvSA==
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
content-type: text/html
date: Thu, 13 Jul 2023 17:33:29 GMT
etag: "0x8DB810BC91505CD"
last-modified: Mon, 10 Jul 2023 06:06:22 GMT
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123un
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: DENY
x-ms-request-id: 6c3f7245-601e-0093-77b0-b531a4000000

GET
H/1.1 200
OK tableau-2.min.js Show response
dub01.online.tableau.com/javascripts/api/ 396 B
1 KB 154ms
33ms Script
application/javascript 34.250.244.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dub01.online.tableau.com/javascripts/api/tableau-2.min.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.250.244.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-244-242.eu-west-1.compute.amazonaws.com

Software

Tableau /

Resource Hash

31f0249e6eaf9542391d9872a054497646614d5ce96d7a5dce08751cff0b4027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NON"
x-tableau: Tableau Server
Connection: keep-alive
Content-Length: 274
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jul 2023 22:35:29 GMT
server: Tableau
etag: "18c-5ffd9222a0fa9-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store
accept-ranges: bytes
expires: Fri, 12 Jul 2024 17:33:29 GMT

GET
H2 200 tableau.embedding.3.0.0.min.js Show response
embedding.tableauusercontent.com/ 161 KB
161 KB 55ms
6ms Script
application/javascript 2600:9000:2491:f200:1b:df26:7b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embedding.tableauusercontent.com/tableau.embedding.3.0.0.min.js
Requested by: Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:f200:1b:df26:7b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d632e8d8ae3ad0746868c263443ac606500433723439f29e8a051e12361a1137

Request headers

Referer
Origin: https://www.ecovadis-survey.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 04:05:17 GMT
via: 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
last-modified: Wed, 01 Dec 2021 16:49:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 48493
etag: "d950cf0596c9c38ec36f818dbb025344"
access-control-max-age: 3600
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 164485
x-amz-cf-id: Edp00L_npFbc7LrKT8fooV3tws6gOr5ZmRwLkxE5JCjnIxm-OzA7IA==

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 40ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:300|Noto+Sans:400,700&subset=cyrillic,cyrillic-ext,devanagari,greek,greek-ext,latin-ext,vietnamese

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a3c2069acf9dd3818bd1b586b70dd311eafd458788f5a390f05464106b87f25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 13 Jul 2023 17:33:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Jul 2023 17:33:29 GMT

GET
H2 200 1.b9803aed91b83dcc5eaf.css
www.ecovadis-survey.com/app/ 8 MB
2 MB 35ms
34ms Stylesheet
text/css 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/1.b9803aed91b83dcc5eaf.css

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

eef9637eed44aeb352679aab8d5f2331bd506e554f423a0f9b48b9a57919cb5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:22 GMT
etag: W/"0x8DB810BC90BDF68"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123v1
content-type: text/css
x-frame-options: DENY
x-ms-request-id: 122d033b-a01e-008c-2eb0-b382a0000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 runtime~main.40a674bf.js Show response
www.ecovadis-survey.com/app/static/js/ 3 KB
3 KB 36ms
35ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/runtime~main.40a674bf.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

fd73a8243fd6dfe86ab13d1dbebea51e019172b225bbad557948c3bd617f022a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:24 GMT
etag: W/"0x8DB810BCAC3AEDC"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123v2
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: bf92d24d-201e-0066-249f-b5a58e000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 styles.819f5bb0.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 499 KB
80 KB 37ms
35ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/styles.819f5bb0.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

d7e09892ac7ba50dd1770d4f6fea49d7d49d29375388397aee75ffeb1a16d68f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:24 GMT
etag: W/"0x8DB810BCACA3D9F"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123v3
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: c7ed88ca-f01e-0028-5940-b58b06000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 messages.b5de0bbc.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 485 KB
118 KB 56ms
55ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/messages.b5de0bbc.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ff88f038cdc023fd089b59a903155e7c35fc248aba07ac2b44375b93ca12d10d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:24 GMT
etag: W/"0x8DB810BCAA7516E"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123v4
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 44ed1640-301e-007a-4faa-b3f7ee000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 main.6498a7a3.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 2 MB
749 KB 37ms
36ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/main.6498a7a3.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1b7e1c21283955a079e4b1e0458fa479df16e096c63044b8e6fd24b10e3812a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:24 GMT
etag: W/"0x8DB810BCA7E72AB"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173329Z-84n8x52th102b7cn1ugye9denw00000000hg0000000123v5
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 00d1087e-601e-0077-619f-b53f3a000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 222 KB
76 KB 51ms
26ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NQVHVVG

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce141c12fa3237af6c67da3a702b3d41c5ae4a86f736d3d38b717219cd0cf047

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77796
x-xss-protection: 0
last-modified: Thu, 13 Jul 2023 15:32:57 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 13 Jul 2023 17:33:29 GMT

GET
H/1.1 200
OK tableau-2.9.2.min.js Show response
dub01.online.tableau.com/javascripts/api/ 197 KB
45 KB 77ms
75ms Script
application/javascript 34.250.244.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dub01.online.tableau.com/javascripts/api/tableau-2.9.2.min.js

Requested by

Host: dub01.online.tableau.com
URL: https://dub01.online.tableau.com/javascripts/api/tableau-2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.250.244.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-244-242.eu-west-1.compute.amazonaws.com

Software

Tableau /

Resource Hash

35a9d821a2812ff8f18ec2d1b69ba65eb524cd3aacddd487cc0c5380ff5743df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 13 Jul 2023 17:33:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NON"
x-tableau: Tableau Server
Connection: keep-alive
Content-Length: 45627
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jul 2023 22:35:30 GMT
server: Tableau
etag: "312ee-5ffd922307f7b-gzip"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Jul 2024 17:33:29 GMT

GET
H/1.1 200
OK site24x7rum-min.js Show response
static.site24x7rum.com/beacon/ 1 B
409 B 90ms
17ms Script
application/javascript 52.222.169.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=b4665f2193a97efeb69fd609e267c258
Requested by: Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.169.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-169-77.cdg52.r.cloudfront.net
Software: ZGS /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 13 Jul 2023 16:29:07 GMT
Via: 1.1 a1e152cd91a0e624aecabbad581ffcb2.cloudfront.net (CloudFront)
Server: ZGS
X-Amz-Cf-Pop: CDG52-P2
Age: 3863
X-Cache: Hit from cloudfront
Content-Type: application/javascript;charset=ISO-8859-1
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 1
X-Amz-Cf-Id: qAXvMeFk-WZF1-KdNP7nnBC7C-_y-zdKj6Lc7czcSQkZxLaHgr21lw==

GET
H2 200 11.970cf75d.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 1 MB
317 KB 27ms
26ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/11.970cf75d.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/runtime~main.40a674bf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c5d815b40984bcac0c19a6fb730dfad5a2824d28e52dcf3f8d8801b8b54f1da3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:30 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:22 GMT
etag: W/"0x8DB810BC92F19AF"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173330Z-84n8x52th102b7cn1ugye9denw00000000hg00000001240a
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 85e7b3db-b01e-0029-4a5e-b3d4da000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 recharts.6af7a609.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 311 KB
103 KB 35ms
34ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/recharts.6af7a609.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/runtime~main.40a674bf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8bed3bc28855d22ca4197fb16022ef004b5d32f61c45e42fd18625b17a91732e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:30 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:24 GMT
etag: W/"0x8DB810BCAB1D735"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173330Z-84n8x52th102b7cn1ugye9denw00000000hg000000012418
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 7fc3647e-601e-0067-365e-b3fa52000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 3.8a4d88cd.chunk.js Show response
www.ecovadis-survey.com/app/static/js/ 1 MB
505 KB 35ms
35ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/3.8a4d88cd.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/runtime~main.40a674bf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e7077bfb725513b0997a9ee634523c831e23db691e3024774240cab84756710b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:30 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:23 GMT
etag: W/"0x8DB810BC9BF5D87"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173330Z-84n8x52th102b7cn1ugye9denw00000000hg000000012419
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 37d0ddd9-301e-0027-6a5c-b5fd6a000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 6.259e96d9.chunk.js
www.ecovadis-survey.com/app/static/js/ 4 MB
1 MB 33ms
33ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ecovadis-survey.com/app/static/js/6.259e96d9.chunk.js

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/runtime~main.40a674bf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:30 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
x-cache: TCP_HIT
referrer-policy: no-referrer
last-modified: Mon, 10 Jul 2023 06:06:23 GMT
etag: W/"0x8DB810BC9F1B0B6"
rule-microfrontendroutercachedisable-v: 5.1
vary: Accept-Encoding
x-azure-ref: 20230713T173330Z-84n8x52th102b7cn1ugye9denw00000000hg00000001241a
content-type: application/javascript
x-frame-options: DENY
x-ms-request-id: 68a633df-501e-0053-4340-b5c99a000000
cache-control: public, max-age=43200
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 pendo.js
cdn.pendo.io/agent/static/33d4609f-63f4-450b-591e-282584b1664d/ 429 KB
142 KB 315ms
8ms Script
application/json 2600:9000:223f:7400:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/33d4609f-63f4-450b-591e-282584b1664d/pendo.js
Requested by: Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:7400:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:29:22 GMT
content-encoding: gzip
via: 1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 271
x-guploader-uploadid: ADPycduS5HVBXcLL6zt1hio-wAM0L6b2rRakSoJwrDU8skTQrTM655d5i-ldVE8jQCp_3qFEWlyFL8BeHy6MYSizcV8EVHgL-3F7
x-cache: Hit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 144618
last-modified: Thu, 06 Jul 2023 18:08:45 GMT
server: UploadServer
etag: "b932449f1af175c1ecbf8494eac7c0bb"
vary: Accept-Encoding
x-goog-generation: 1688666925511787
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=jlVcPQ==, md5=uTJEnxrxdcHsv4SU6sfAuw==
access-control-expose-headers: *
cache-control: max-age=450
x-goog-stored-content-length: 144618
accept-ranges: bytes
x-amz-cf-id: HeifPATSQUcoI-FcOhSlNKF4FUhQmTqsM9Sfqgt7Ih1OkD1MYY6Cuw==
expires: Thu, 13 Jul 2023 17:36:29 GMT

GET
H2 200 getAllApplicationLanguages Show response
www.ecovadis-survey.com/Anakin.WebApi/api/user/language/ 615 B
944 B 221ms
220ms XHR
application/json 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ecovadis-survey.com/Anakin.WebApi/api/user/language/getAllApplicationLanguages
Requested by: Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/main.6498a7a3.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 06c62adaafe50192ac0dd9d72f2da9084fa9a2736ae93b63b17905f47300ce90

Request headers

Pragma: no-cache
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json
Cache-Control: no-cache
Referer
X-Requested-With: XMLHttpRequest
Expires: Sat, 01 Jan 2000 00:00:00 GMT

Response headers

request-context: appId=cid-v1:c8f27ed6-4b42-44ec-b4d3-ef8950b6bb6a
date: Thu, 13 Jul 2023 17:33:30 GMT
x-azure-ref: 20230713T173330Z-84n8x52th102b7cn1ugye9denw00000000hg00000001241d
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H2

200

Primary Request Login Show response
idp.ecovadis-survey.com/Account/
Redirect Chain

https://idp.ecovadis-survey.com/connect/authorize/callback?client_id=bellucci&redirect_uri=https%3A%2F%2Fwww.ecovadis-survey.com%2Fapp%2F%23%2Fsso-callback%3F&response_type=id_token%20token&scope=o...
https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fs...

9 KB
10 KB

46ms
45ms

Document
text/html

2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB

Requested by

Host: www.ecovadis-survey.com
URL: https://www.ecovadis-survey.com/app/static/js/6.259e96d9.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

810a174cf3c829c4719cc3a63a18a7f3c8b0c1310b87802c4d12b261f41eddb3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.ecovadis-survey.com/app/#/login
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
content-type: text/html; charset=utf-8
date: Thu, 13 Jul 2023 17:33:31 GMT
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma: no-cache
referrer-policy: no-referrer
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246g
x-cache: CONFIG_NOCACHE
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

content-length: 0
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
date: Thu, 13 Jul 2023 17:33:31 GMT
location: https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001245z
x-cache: CONFIG_NOCACHE
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 fonts.min.css
idp.ecovadis-survey.com/css/ 4 KB
5 KB 54ms
54ms Stylesheet
text/css 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/css/fonts.min.css

Requested by

Host: idp.ecovadis-survey.com
URL: https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f6002e854e9072f218fc82b88c45b5642f5b711970de5ce19a7579c44d23bc16

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 4185
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd3ad9"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246s
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 ev10.css
idp.ecovadis-survey.com/css/ 14 KB
15 KB 89ms
89ms Stylesheet
text/css 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/css/ev10.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

656cceed63fef855d6aa63ce2a93fac39120c13e4ef46e673818aad89b022a10

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 14437
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd12e5"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246t
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 logo_header.svg
idp.ecovadis-survey.com/images/ 3 KB
3 KB 32ms
32ms Image
image/svg+xml 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idp.ecovadis-survey.com/images/logo_header.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

529df736d80aff296c3bd1d6d06d2a8b20d0080e1a858477f58355afb0747a05

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 2581
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd2095"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg000000012477
content-type: image/svg+xml
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 eye_open.svg
idp.ecovadis-survey.com/images/ 522 B
1 KB 27ms
26ms Image
image/svg+xml 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idp.ecovadis-survey.com/images/eye_open.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

15c28ef4d3279fd7a32785169f7dcc95e3010f66ada544621a74e512fc79d977

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 522
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd288a"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001247d
content-type: image/svg+xml
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 eye_crossed.svg
idp.ecovadis-survey.com/images/ 784 B
2 KB 28ms
28ms Image
image/svg+xml 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idp.ecovadis-survey.com/images/eye_crossed.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

d9fab5aae5b9f751435ab8a2b1955f48e9fad0e880ced80aece52dcf760f60d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 784
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd2990"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001247f
content-type: image/svg+xml
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 jquery-3.6.1.min.js Show response
idp.ecovadis-survey.com/lib/jquery/ 88 KB
89 KB 88ms
87ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/lib/jquery/jquery-3.6.1.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 89664
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfc74c0"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246u
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 messages.js Show response
idp.ecovadis-survey.com/js/ 85 KB
86 KB 92ms
91ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/js/messages.js?v=07/13/2023%2000:00:00

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

152d98d0d6bd6bc6bf9aa0dd54c61af7975bb7b13af3b424f0f5180449096f01

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 86746
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfc785a"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246v
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 messages-placeholders.js Show response
idp.ecovadis-survey.com/js/ 539 B
1 KB 76ms
75ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/js/messages-placeholders.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

33af89619f12044f18ff0a7e3b065066d403de154b8a40444de47db0da8554f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 539
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd289b"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246w
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 layout.js Show response
idp.ecovadis-survey.com/js/ 9 KB
10 KB 79ms
78ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/js/layout.js?v=07/13/2023%2000:00:00

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4b2d0f7341c734808f8af7f3122e063aec55e94878f5a814263011d92c5299ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 9085
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd09fd"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001246x
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
idp.ecovadis-survey.com/css/fonts/ 10 KB
11 KB 25ms
25ms Font
font/woff2 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/css/fonts/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: idp.ecovadis-survey.com
URL: https://idp.ecovadis-survey.com/css/fonts.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer
Origin: https://idp.ecovadis-survey.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 10292
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd02b4"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001247g
content-type: font/woff2
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
idp.ecovadis-survey.com/css/fonts/ 10 KB
11 KB 27ms
27ms Font
font/woff2 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://idp.ecovadis-survey.com/css/fonts/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: idp.ecovadis-survey.com
URL: https://idp.ecovadis-survey.com/css/fonts.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data: .ecovadis-itlab.com .ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer
Origin: https://idp.ecovadis-survey.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 17:33:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;
x-cache: CONFIG_NOCACHE
content-length: 10116
request-context: appId=cid-v1:b7f3c470-42d9-40ae-97cb-bed35937343c
referrer-policy: no-referrer
last-modified: Fri, 07 Jul 2023 12:32:09 GMT
etag: "1d9b0cf0bfd0d04"
x-frame-options: DENY
x-azure-ref: 20230713T173331Z-84n8x52th102b7cn1ugye9denw00000000hg00000001247h
content-type: font/woff2
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
x-content-security-policy: default-src 'self' 'unsafe-inline' data: *.ecovadis-itlab.com *.ecovadis-survey.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-popups allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' blob: data:;

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dub01.online.tableau.com/	1969-12-31 23:59:59	Name: hid Value: dub01pd-hap02
.dub01.online.tableau.com/	1969-12-31 23:59:59	Name: AWSELB Value: C5750B1F1C02CA9630AA7C7905CEF4E81E1406D828431DB86F28C150FB0E0A0824F4ED9754CE76AD03EBB006F4EE69FC2553ED68A512B98F852CE78098CFBB20572DDC424452AB106A71BF928DA850CAD690E873CD
www.ecovadis-survey.com/	1969-12-31 23:59:59	Name: https-anakin-prodCORS Value: a94ae2ab10c76d2a50fdddc7d575662b
www.ecovadis-survey.com/	1969-12-31 23:59:59	Name: https-anakin-prod Value: a94ae2ab10c76d2a50fdddc7d575662b
www.ecovadis-survey.com/	1970-01-20 22:00:05	Name: ai_user Value: RmAqT\|2023-07-13T17:33:30.793Z
idp.ecovadis-survey.com/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.9TtSrW0hzOs Value: CfDJ8Fda_2KIxUlFu9iZYvveDDFAhXkBtW4KwQn7_nEnrXP0OiBDmZCYqHnROogPyQcDY3rn_1XLGF1dDyPJRs7H_YB-tRQ9XaSFqmjoTf1AtLXvp18wqIVKVoYeFB6eZvUzeJPgnB-vyKfT875FwQ-RVZ8

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://dub01.online.tableau.com/javascripts/api/tableau-2.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dub01.online.tableau.com/javascripts/api/tableau-2.9.2.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://dub01.online.tableau.com/javascripts/api/tableau-2.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dub01.online.tableau.com/javascripts/api/tableau-2.9.2.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	URL: https://idp.ecovadis-survey.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbellucci%26redirect_uri%3Dhttps%253A%252F%252Fwww.ecovadis-survey.com%252Fapp%252F%2523%252Fsso-callback%253F%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520actinguserid%2520anakinapi%2520idpapi%2520offline_access%26response_mode%3Dfragment%26nonce%3Dv0gdcu1jaem%26language%3Den-GB Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' .site24x7rum.com .google-analytics.com .googletagmanager.com ajax.googleapis.com .uservoice.com .tableau.com .tableauusercontent.com .stripe.com .datatables.net .ecovadis-survey.com .hotjar.com .storage.googleapis.com .pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com .datatables.net .jsdelivr.net .storage.googleapis.com .pendo.io .ecovadis-survey.com; connect-src 'self' col.site24x7rum.com .ecovadis-survey.com .google-analytics.com com sentry.io .visualstudio.com https://data.eu.pendo.io/ .blob.core.windows.net .g.doubleclick.net .hotjar.com wss://.hotjar.com .pendo.io .storage.googleapis.com; frame-src 'self' .googletagmanager.com .online.tableau.com .stripe.com https://pendo-eu-extensions.storage.googleapis.com/ .hotjar.com/ .pendo.io https://portal.productboard.com/;img-src 'self' blob: data: .google-analytics.com .stripe.com https://data.eu.pendo.io .storage.googleapis.com .slgnt.eu https://ecovadis.slgnt.eu .google.com .google.pl .storage.googleapis.com .pendo.io * ; manifest-src 'self' .ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors .pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.pendo.io
dub01.online.tableau.com
embedding.tableauusercontent.com
fonts.googleapis.com
idp.ecovadis-survey.com
static.site24x7rum.com
www.ecovadis-survey.com
www.googletagmanager.com
2600:9000:223f:7400:1f:aa31:7740:93a1
2600:9000:2491:f200:1b:df26:7b40:93a1
2620:1ec:bdf::45
2a00:1450:4001:80b::2008
2a00:1450:4001:827::200a
34.250.244.242
52.222.169.77
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
06c62adaafe50192ac0dd9d72f2da9084fa9a2736ae93b63b17905f47300ce90
152d98d0d6bd6bc6bf9aa0dd54c61af7975bb7b13af3b424f0f5180449096f01
15c28ef4d3279fd7a32785169f7dcc95e3010f66ada544621a74e512fc79d977
1b7e1c21283955a079e4b1e0458fa479df16e096c63044b8e6fd24b10e3812a1
31f0249e6eaf9542391d9872a054497646614d5ce96d7a5dce08751cff0b4027
33af89619f12044f18ff0a7e3b065066d403de154b8a40444de47db0da8554f0
35a9d821a2812ff8f18ec2d1b69ba65eb524cd3aacddd487cc0c5380ff5743df
3a3c2069acf9dd3818bd1b586b70dd311eafd458788f5a390f05464106b87f25
4b2d0f7341c734808f8af7f3122e063aec55e94878f5a814263011d92c5299ec
529df736d80aff296c3bd1d6d06d2a8b20d0080e1a858477f58355afb0747a05
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
656cceed63fef855d6aa63ce2a93fac39120c13e4ef46e673818aad89b022a10
810a174cf3c829c4719cc3a63a18a7f3c8b0c1310b87802c4d12b261f41eddb3
8bed3bc28855d22ca4197fb16022ef004b5d32f61c45e42fd18625b17a91732e
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
af2b16c4690803ae0f4a422617c583968d9e3d95c0640d39d5e84222d3763839
c5d815b40984bcac0c19a6fb730dfad5a2824d28e52dcf3f8d8801b8b54f1da3
ce141c12fa3237af6c67da3a702b3d41c5ae4a86f736d3d38b717219cd0cf047
d632e8d8ae3ad0746868c263443ac606500433723439f29e8a051e12361a1137
d7e09892ac7ba50dd1770d4f6fea49d7d49d29375388397aee75ffeb1a16d68f
d9fab5aae5b9f751435ab8a2b1955f48e9fad0e880ced80aece52dcf760f60d6
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e7077bfb725513b0997a9ee634523c831e23db691e3024774240cab84756710b
eef9637eed44aeb352679aab8d5f2331bd506e554f423a0f9b48b9a57919cb5d
f6002e854e9072f218fc82b88c45b5642f5b711970de5ce19a7579c44d23bc16
fd73a8243fd6dfe86ab13d1dbebea51e019172b225bbad557948c3bd617f022a
ff88f038cdc023fd089b59a903155e7c35fc248aba07ac2b44375b93ca12d10d

idp.ecovadis-survey.com Open in urlscan Pro 2620:1ec:bdf::45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

100 %HTTPS

71 %IPv6

7 Domains

8 Subdomains

7 IPs

3 Countries

6237 kBTransfer

19530 kBSize

6 Cookies

3 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

idp.ecovadis-survey.com Open in urlscan Pro
2620:1ec:bdf::45 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

6237 kB
Transfer

19530 kB
Size

6
Cookies

30 HTTP transactions
0 data transactions