urlscan.io logo urlscan.io
SecurityTrails logo

password-ver-staging.spruce-feature.com Open in urlscan Pro
34.192.28.232  Public Scan

Go To Rescan Add Verdict Report
URL: https://password-ver-staging.spruce-feature.com/
Submission: On November 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 29 HTTP transactions. The main IP is 34.192.28.232, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is password-ver-staging.spruce-feature.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 7th 2024. Valid for: a year.
This is the only time password-ver-staging.spruce-feature.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 34.192.28.232 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
8 54.236.124.11 14618 (AMAZON-AES)
2 54.85.235.52 14618 (AMAZON-AES)
1 18.66.102.106 16509 (AMAZON-02)
1 142.250.186.99 15169 (GOOGLE)
1 151.101.128.176 54113 (FASTLY)
29 8
11    34.192.28.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-28-232.compute-1.amazonaws.com
password-ver-staging.spruce-feature.com
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    54.236.124.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-124-11.compute-1.amazonaws.com
msg-api.spruce-staging.com
2    54.85.235.52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-235-52.compute-1.amazonaws.com
app.spruce-staging.com
1    18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net
js.stripe.com
1    142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net
fonts.gstatic.com
1    151.101.128.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
Domain Requested by
11 password-ver-staging.spruce-feature.com password-ver-staging.spruce-feature.com
8 msg-api.spruce-staging.com password-ver-staging.spruce-feature.com
2 js.stripe.com password-ver-staging.spruce-feature.com
js.stripe.com
2 app.spruce-staging.com password-ver-staging.spruce-feature.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com password-ver-staging.spruce-feature.com
29 6

This site contains no links.

Subject Issuer Validity Valid
password-ver-staging.spruce-feature.com
Amazon RSA 2048 M02		 2024-11-07 -
2025-12-06		 a year crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
spruce-staging.com
Amazon RSA 2048 M02		 2024-08-24 -
2025-09-21		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-10-30 -
2025-02-06		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://password-ver-staging.spruce-feature.com/
Frame ID: 402227F7DCB9BC50BA0F76092DF3E2BE
Requests: 22 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-1a399cae6721729a264b85158ea5a9d0.html
Frame ID: F3F9D48F9F7B1A3EEE605912BC8D6ADC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welcome to Spruce

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • /bugsnag.*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

29
Requests

86 %
HTTPS

14 %
IPv6

5
Domains

6
Subdomains

8
IPs

2
Countries

2457 kB
Transfer

8641 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
password-ver-staging.spruce-feature.com/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
158d0a43dd0f3bf1c77997c2b040cebef67c4d7b16868ab371b083ce8fdecd26
Security Headers
Name Value
Content-Security-Policy script-src 'sha256-ZwA9ZcYMOiqPQuHqkW85+PF5s0XkJ65iCknr2y+ekYw=' 'strict-dynamic' 'unsafe-inline' https: http:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; default-src 'self'; report-uri https://spruce.report-uri.com/r/d/csp/enforce; child-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://app.useanvil.com https://form.asana.com https://js.stripe.com https://hooks.stripe.com https://spruce.care https://www.loom.com; img-src data: 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://assets.grammarly.com https://dlzz6qy5jmbag.cloudfront.net; connect-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://notify.bugsnag.com https://api.sendgrid.com https://sessions.bugsnag.com https://eventgw.us1.twilio.com https://eventgw.twilio.com https://media.twiliocdn.com https://hooks.zapier.com wss://voice-js.roaming.twilio.com https://sdk.twilio.com https://fonts.googleapis.com https://fonts.gstatic.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com https://api.stripe.com https://*.pndsn.com; media-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com mediastream: data: blob: https://media.twiliocdn.com https://sdk.twilio.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
836
content-security-policy
script-src 'sha256-ZwA9ZcYMOiqPQuHqkW85+PF5s0XkJ65iCknr2y+ekYw=' 'strict-dynamic' 'unsafe-inline' https: http:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; default-src 'self'; report-uri https://spruce.report-uri.com/r/d/csp/enforce; child-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://app.useanvil.com https://form.asana.com https://js.stripe.com https://hooks.stripe.com https://spruce.care https://www.loom.com; img-src data: 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://assets.grammarly.com https://dlzz6qy5jmbag.cloudfront.net; connect-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://notify.bugsnag.com https://api.sendgrid.com https://sessions.bugsnag.com https://eventgw.us1.twilio.com https://eventgw.twilio.com https://media.twiliocdn.com https://hooks.zapier.com wss://voice-js.roaming.twilio.com https://sdk.twilio.com https://fonts.googleapis.com https://fonts.gstatic.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com https://api.stripe.com https://*.pndsn.com; media-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com mediastream: data: blob: https://media.twiliocdn.com https://sdk.twilio.com;
content-type
text/html; charset=utf-8
date
Fri, 08 Nov 2024 12:09:23 GMT
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
referrer-policy
strict-origin-when-cross-origin
server
envoy
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
x-frame-options
SAMEORIGIN
x-xss-protection
1;mode=block
styles.css
password-ver-staging.spruce-feature.com/ 		295 B
829 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/styles.css
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
57b63c372f44768d4057d42c60fb3831e7ca5cf5664e0e28c8a555b1bbdb2a1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
etag
"smlryq87"
x-envoy-upstream-service-time
1
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
content-length
295
date
Fri, 08 Nov 2024 12:09:23 GMT
x-xss-protection
1;mode=block
content-type
text/css; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
server
envoy
x-frame-options
SAMEORIGIN
css2
fonts.googleapis.com/ 		23 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;550;650;725&display=swap
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8d2ff9488ede7503e58a55c8a319ebbfc017a588ce631148bebb31ca3db9fd88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 08 Nov 2024 12:09:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 08 Nov 2024 12:09:23 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Fri, 08 Nov 2024 12:09:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
bootstrapErrorHandling.js
password-ver-staging.spruce-feature.com/ 		398 B
939 B 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/bootstrapErrorHandling.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
05652f9c66bb3feaf57c434ec3d1c1e940b33e34e0c7f94f9b4eee3c8e55d03c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
etag
"smlryqb2"
x-envoy-upstream-service-time
1
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
content-length
398
date
Fri, 08 Nov 2024 12:09:24 GMT
x-xss-protection
1;mode=block
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
server
envoy
x-frame-options
SAMEORIGIN
setEnvironmentVariables.js
password-ver-staging.spruce-feature.com/ 		630 B
906 B 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/setEnvironmentVariables.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
392ae49248c4986b64700a7acb0f48c5f2b13587ea0eec3c3847095ba1dd9616
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryqhi"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:24 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
1
referrer-policy
strict-origin-when-cross-origin
content-length
318
x-xss-protection
1;mode=block
server
envoy
main.16627b9c.js
password-ver-staging.spruce-feature.com/static/js/ 		559 KB
144 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
95f2a17133faa504511cd1e2fe6492b5c7adc798ac59a84d4a54b3a92606ed4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryqc9w5"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:24 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
2
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
graphql
msg-api.spruce-staging.com/ 		148 B
572 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=PageLoadAnalyticsEventMutation
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
31db1d6034b20146c71cb99efb59299453a643dc21ff352e6be29ef2466361ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
access-control-allow-credentials
true
x-content-type-options
nosniff
s-request-id
FcuERX_ZbRU-1h5LIYxLpg
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
content-length
130
date
Fri, 08 Nov 2024 12:09:25 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Accept-Encoding
x-frame-options
DENY
sessions
app.spruce-staging.com/bugsnag/ 		21 B
689 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.spruce-staging.com/bugsnag/sessions
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.85.235.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-235-52.compute-1.amazonaws.com
Software
Caddy /
Resource Hash
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Bugsnag-Payload-Version
1
Bugsnag-Api-Key
d541879b1a50890eb3e495d438a8d646
Referer
https://password-ver-staging.spruce-feature.com/
Bugsnag-Sent-At
2024-11-08T12:09:25.113Z
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
21
date
Fri, 08 Nov 2024 12:09:25 GMT
x-xss-protection
1;mode=block
content-type
application/json
server
Caddy
x-frame-options
SAMEORIGIN
893.d149956e.chunk.css
password-ver-staging.spruce-feature.com/static/css/ 		35 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/css/893.d149956e.chunk.css
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
da3ab04a829312bade06c006a4133e2b5d1886e2dc646103241687e27da7afad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryqrsn"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:25 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
1
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
893.1d700c0d.chunk.js
password-ver-staging.spruce-feature.com/static/js/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/js/893.1d700c0d.chunk.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
9143892c03f6816fdd234d1418976ba682b4f1b5ffe430343582e7c5db7597f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryq31ahx"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:25 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
4
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
79.21acd749.chunk.css
password-ver-staging.spruce-feature.com/static/css/ 		23 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/css/79.21acd749.chunk.css
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
b892c5fd995b135a8c309165b136cf7dccf115ebb144e9492f287fb263ffc3e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryqi3b"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:25 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
3
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
79.1d869c4d.chunk.js
password-ver-staging.spruce-feature.com/static/js/ 		2 MB
590 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/js/79.1d869c4d.chunk.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
f2cbc5701fe44fdbbd6bca55951af46b5672439f0b5d2503840b435f4353050f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryq1a0i3"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:25 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
50
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
graphql
msg-api.spruce-staging.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=PageLoadAnalyticsEventMutation
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://password-ver-staging.spruce-feature.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
access-control-max-age
86400
content-length
0
date
Fri, 08 Nov 2024 12:09:25 GMT
s-request-id
2m10bGoj4_TI208BoMXGqw
strict-transport-security
max-age=31536000
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
sessions
app.spruce-staging.com/bugsnag/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.spruce-staging.com/bugsnag/sessions
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.85.235.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-235-52.compute-1.amazonaws.com
Software
Caddy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method
POST
Origin
https://password-ver-staging.spruce-feature.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At, Bugsnag-Integrity
access-control-allow-methods
POST
access-control-allow-origin
*
cache-control
no-cache, max-age=0
content-length
0
date
Fri, 08 Nov 2024 12:09:25 GMT
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
referrer-policy
strict-origin-when-cross-origin
server
Caddy
strict-transport-security
max-age=31536000
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1;mode=block
v3
js.stripe.com/ 		685 KB
180 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/893.1d700c0d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-106.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
d6e29e7139004974810197ad042d988912cf952db6f4434ce619dd6d42250a37
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
br
etag
W/"b987ee22621f2ee3f6ca4d8d3616ec0b"
age
15
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
rtthGLBE0skUwIAcyFRNlHpOw_C7Qc1E4_f4s5oOWuLKC1yw-ZhX9g==
date
Fri, 08 Nov 2024 12:09:12 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 21:51:53 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P2
server
Cloudfront
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;550;650;725&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://password-ver-staging.spruce-feature.com
Referer
https://fonts.googleapis.com/

Response headers

age
160866
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 06 Nov 2025 15:28:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 06 Nov 2024 15:28:21 GMT
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48236
x-xss-protection
0
server
sffe
graphql
msg-api.spruce-staging.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=UseUserContextQuery
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,s-client-timezone,s-platform,s-tab-id,s-version
Access-Control-Request-Method
POST
Origin
https://password-ver-staging.spruce-feature.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, S-Client-Timezone, S-Platform, S-Tab-Id, S-Version
access-control-allow-methods
POST
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
access-control-max-age
86400
content-length
0
date
Fri, 08 Nov 2024 12:09:27 GMT
s-request-id
aCcLMSdq4KCro3Q2NS2g3A
strict-transport-security
max-age=31536000
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
graphql
msg-api.spruce-staging.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=ForceUpgradeCheck
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,s-client-timezone,s-platform,s-tab-id,s-version
Access-Control-Request-Method
POST
Origin
https://password-ver-staging.spruce-feature.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, S-Client-Timezone, S-Platform, S-Tab-Id, S-Version
access-control-allow-methods
POST
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
access-control-max-age
86400
content-length
0
date
Fri, 08 Nov 2024 12:09:27 GMT
s-request-id
Dsssnns622uQpN5kVEYRbg
strict-transport-security
max-age=31536000
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
graphql
msg-api.spruce-staging.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=CheckAuthQuery
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,s-client-timezone,s-platform,s-tab-id,s-version
Access-Control-Request-Method
POST
Origin
https://password-ver-staging.spruce-feature.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, S-Client-Timezone, S-Platform, S-Tab-Id, S-Version
access-control-allow-methods
POST
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
access-control-max-age
86400
content-length
0
date
Fri, 08 Nov 2024 12:09:27 GMT
s-request-id
UjOfNoCJzwq6JAKb7yYK8A
strict-transport-security
max-age=31536000
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
graphql
msg-api.spruce-staging.com/ 		155 B
577 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=UseUserContextQuery
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
011fe4968a25240b8cf5073b6929f510b55f259a6c0067aff18729264b731238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

s-version
Messenger;staging;4.3.700
s-client-timezone
Europe/Berlin
Referer
https://password-ver-staging.spruce-feature.com/
s-platform
web;Linux:Chrome;Unknown:130.0.0.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
*/*
content-type
application/json
s-tab-id
1731067766972;2504604e-58e7-4e5a-920b-fa996058bd9b

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
access-control-allow-credentials
true
x-content-type-options
nosniff
s-request-id
tNg3dm9alQPVhTmi61-Cjg
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
content-length
137
date
Fri, 08 Nov 2024 12:09:27 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Accept-Encoding
x-frame-options
DENY
graphql
msg-api.spruce-staging.com/ 		114 B
553 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=ForceUpgradeCheck
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
c0883aa0288ca2c481d35ca0650a41991b6a654fd78b5c21015617ca507076f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

s-version
Messenger;staging;4.3.700
s-client-timezone
Europe/Berlin
Referer
https://password-ver-staging.spruce-feature.com/
s-platform
web;Linux:Chrome;Unknown:130.0.0.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
*/*
content-type
application/json
s-tab-id
1731067766972;2504604e-58e7-4e5a-920b-fa996058bd9b

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
access-control-allow-credentials
true
x-content-type-options
nosniff
s-request-id
CUaFCSRVnrXOvAEIPCYwiA
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
content-length
111
date
Fri, 08 Nov 2024 12:09:27 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Accept-Encoding
x-frame-options
DENY
graphql
msg-api.spruce-staging.com/ 		155 B
579 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msg-api.spruce-staging.com/graphql?name=CheckAuthQuery
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.124.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-124-11.compute-1.amazonaws.com
Software
/
Resource Hash
011fe4968a25240b8cf5073b6929f510b55f259a6c0067aff18729264b731238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

s-version
Messenger;staging;4.3.700
s-client-timezone
Europe/Berlin
Referer
https://password-ver-staging.spruce-feature.com/
s-platform
web;Linux:Chrome;Unknown:130.0.0.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
*/*
content-type
application/json
s-tab-id
1731067766972;2504604e-58e7-4e5a-920b-fa996058bd9b

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
access-control-allow-credentials
true
x-content-type-options
nosniff
s-request-id
Yyv6nWZDNbrwBOlxBmdURg
access-control-allow-origin
https://password-ver-staging.spruce-feature.com
content-length
137
date
Fri, 08 Nov 2024 12:09:27 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Accept-Encoding
x-frame-options
DENY
controller-with-preconnect-1a399cae6721729a264b85158ea5a9d0.html
js.stripe.com/v3/ Frame F3F9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-1a399cae6721729a264b85158ea5a9d0.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://password-ver-staging.spruce-feature.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
35
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-length
402
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 08 Nov 2024 12:09:27 GMT
etag
"1a399cae6721729a264b85158ea5a9d0"
last-modified
Thu, 07 Nov 2024 21:09:54 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
14
x-content-type-options
nosniff
x-request-id
9f4621fa-bbd8-4530-ac50-d7c32b43ddc6
x-served-by
cache-fra-etou8220056-FRA
116.40b96c12.chunk.js
password-ver-staging.spruce-feature.com/static/js/ 		96 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/js/116.40b96c12.chunk.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
7120d953aeca0c5c2010cce218408bd50cc37677616dbf6ebfc130d6c5300a04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryq23x0"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:27 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
3
connection
close
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
681.72b39075.chunk.js
password-ver-staging.spruce-feature.com/static/js/ 		93 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://password-ver-staging.spruce-feature.com/static/js/681.72b39075.chunk.js
Requested by
Host: password-ver-staging.spruce-feature.com
URL: https://password-ver-staging.spruce-feature.com/static/js/main.16627b9c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.28.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-28-232.compute-1.amazonaws.com
Software
envoy /
Resource Hash
49b771af95028803f44a762c7cf5f65288269a41710615b57998c1c4a338598c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://password-ver-staging.spruce-feature.com/

Response headers

content-encoding
gzip
etag
"smlryq219t"
expect-ct
max-age=0,report-uri="https://spruce.report-uri.com/r/d/ct/enforce"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 12:09:27 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 07 Nov 2024 23:01:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
transfer-encoding
chunked
strict-transport-security
max-age=31536000
cache-control
no-cache, max-age=0
x-envoy-upstream-service-time
4
referrer-policy
strict-origin-when-cross-origin
x-xss-protection
1;mode=block
server
envoy
graphql
msg-api.spruce-staging.com/ 		0
0
spruce-logo-ai.7406b4055ca9a8c98e3bdbb46d46de13.svg
password-ver-staging.spruce-feature.com/static/media/ 		0
0
graphql
msg-api.spruce-staging.com/ 		0
0
graphql
msg-api.spruce-staging.com/ Frame 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
msg-api.spruce-staging.com
URL
https://msg-api.spruce-staging.com/graphql?name=UseUserContextQuery
Domain
password-ver-staging.spruce-feature.com
URL
https://password-ver-staging.spruce-feature.com/static/media/spruce-logo-ai.7406b4055ca9a8c98e3bdbb46d46de13.svg
Domain
msg-api.spruce-staging.com
URL
https://msg-api.spruce-staging.com/graphql?name=UnauthenticatedMessagesQuery
Domain
msg-api.spruce-staging.com
URL
https://msg-api.spruce-staging.com/graphql?name=UnauthenticatedMessagesQuery

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| REACT_APP_ENVIRONMENT string| REACT_APP_API_ENVIRONMENT string| REACT_APP_VERSION string| REACT_APP_PUBNUB_SUB_KEY string| REACT_APP_PUBNUB_PUB_KEY string| REACT_APP_APP_BASE_URL string| REACT_APP_API_BASE_URL string| REACT_APP_MEDIA_BASE_URL string| REACT_APP_STRIPE_TOKEN string| REACT_APP_ELECTRON_PROTOCOL object| webpackChunkprovider_webapp object| __twilioVideoImportedModules string| __reactRouterVersion object| __APOLLO_CLIENT__ object| webpackChunkStripeJSouter function| noop function| Stripe

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'sha256-ZwA9ZcYMOiqPQuHqkW85+PF5s0XkJ65iCknr2y+ekYw=' 'strict-dynamic' 'unsafe-inline' https: http:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; default-src 'self'; report-uri https://spruce.report-uri.com/r/d/csp/enforce; child-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://app.useanvil.com https://form.asana.com https://js.stripe.com https://hooks.stripe.com https://spruce.care https://www.loom.com; img-src data: 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://assets.grammarly.com https://dlzz6qy5jmbag.cloudfront.net; connect-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com https://notify.bugsnag.com https://api.sendgrid.com https://sessions.bugsnag.com https://eventgw.us1.twilio.com https://eventgw.twilio.com https://media.twiliocdn.com https://hooks.zapier.com wss://voice-js.roaming.twilio.com https://sdk.twilio.com https://fonts.googleapis.com https://fonts.gstatic.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com https://api.stripe.com https://*.pndsn.com; media-src 'self' https://*.spruce-dev.com https://*.spruce-staging.com https://graphql.mailslurp.com https://api.mailslurp.com mediastream: data: blob: https://media.twiliocdn.com https://sdk.twilio.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.spruce-staging.com
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
msg-api.spruce-staging.com
password-ver-staging.spruce-feature.com
msg-api.spruce-staging.com
password-ver-staging.spruce-feature.com
142.250.186.99
151.101.128.176
18.66.102.106
2a00:1450:4001:802::200a
34.192.28.232
54.236.124.11
54.85.235.52
011fe4968a25240b8cf5073b6929f510b55f259a6c0067aff18729264b731238
05652f9c66bb3feaf57c434ec3d1c1e940b33e34e0c7f94f9b4eee3c8e55d03c
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
158d0a43dd0f3bf1c77997c2b040cebef67c4d7b16868ab371b083ce8fdecd26
31db1d6034b20146c71cb99efb59299453a643dc21ff352e6be29ef2466361ca
392ae49248c4986b64700a7acb0f48c5f2b13587ea0eec3c3847095ba1dd9616
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
49b771af95028803f44a762c7cf5f65288269a41710615b57998c1c4a338598c
57b63c372f44768d4057d42c60fb3831e7ca5cf5664e0e28c8a555b1bbdb2a1a
7120d953aeca0c5c2010cce218408bd50cc37677616dbf6ebfc130d6c5300a04
8d2ff9488ede7503e58a55c8a319ebbfc017a588ce631148bebb31ca3db9fd88
9143892c03f6816fdd234d1418976ba682b4f1b5ffe430343582e7c5db7597f1
95f2a17133faa504511cd1e2fe6492b5c7adc798ac59a84d4a54b3a92606ed4d
b892c5fd995b135a8c309165b136cf7dccf115ebb144e9492f287fb263ffc3e2
c0883aa0288ca2c481d35ca0650a41991b6a654fd78b5c21015617ca507076f4
d6e29e7139004974810197ad042d988912cf952db6f4434ce619dd6d42250a37
da3ab04a829312bade06c006a4133e2b5d1886e2dc646103241687e27da7afad
f2cbc5701fe44fdbbd6bca55951af46b5672439f0b5d2503840b435f4353050f