folleon.com Open in urlscan Pro
104.31.67.11 Public Scan

URL:
https://folleon.com/
Submission: On April 24 via manual (April 24th 2018, 7:48:44 pm UTC) from CH

Summary HTTP 14 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 104.31.67.11, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is folleon.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 14th 2018. Valid for: 6 months.

This is the only time folleon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
14	104.31.67.11 104.31.67.11		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	1

14 104.31.67.11 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

folleon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.folleon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	folleon.com folleon.com api.folleon.com	2 MB
14	1

	Domain	Requested by
8	api.folleon.com	folleon.com
6	folleon.com	folleon.com
14	2

This site contains links to these domains. Also see Links.

Domain
www.adweek.com
freakshow.fm
api.folleon.com
www.stadtgossau.ch
www.sg.ch
www.amtsblatt.sg.ch
twitter.com
research.checkpoint.com
www.bbc.com
imgur.com
github.com
blog.fefe.de
stackoverflow.com
guides.github.com

Subject Issuer	Validity	Valid
sni155855.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-14` - `2018-10-21`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://folleon.com/
Frame ID: 9F1DFA71B4BFC512888A0484B4CF8FD6
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

YouTube (Video Players) Expand

Overall confidence: 100%
Detected patterns

html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1753 kB
Transfer

2282 kB
Size

1
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: http://www.adweek.com/creativity/this-look-inside-spike-jonzes-apple-ad-is-as-fascinating-as-the-film-itself/
Title: http://www.adweek.com/creativity/this-look-inside-spike-jonzes-apple-ad-is-as-fascinating-as-the-film-itself/

Search URL Search Domain Scan URL

URL: https://freakshow.fm/fs215-c-groesser
Title: via

Search URL Search Domain Scan URL

URL: https://api.folleon.com/1/files/36/E-Mail_von_Stadt_Gossau.png
Title: an email

Search URL Search Domain Scan URL

URL: http://www.stadtgossau.ch/de/
Title: Gossau

Search URL Search Domain Scan URL

URL: https://www.sg.ch/
Title: the canton of St. Gallen

Search URL Search Domain Scan URL

URL: https://www.amtsblatt.sg.ch/
Title: Amtsblatt

Search URL Search Domain Scan URL

URL: https://twitter.com/wizche/status/984833081168232449
Title: https://twitter.com/wizche/status/984833081168232449

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/uncovering-drupalgeddon-2/
Title: https://research.checkpoint.com/uncovering-drupalgeddon-2/

Search URL Search Domain Scan URL

URL: https://api.folleon.com/1/files/15/arrow_mockup.png
Title: the gray boxes

Search URL Search Domain Scan URL

URL: http://www.bbc.com/news/technology-43752344
Title: Aaaand again a step towards better privacy and data protection

Search URL Search Domain Scan URL

URL: https://imgur.com/gallery/rpfHvS4
Title: https://imgur.com/gallery/rpfHvS4

Search URL Search Domain Scan URL

URL: https://github.com/nrdvana/CmdlineGL
Title: https://github.com/nrdvana/CmdlineGL

Search URL Search Domain Scan URL

URL: https://blog.fefe.de/?ts=a434e744
Title: https://blog.fefe.de/?ts=a434e744

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/48714879/error-parsing-header-x-xss-protection-google-chrome
Title: might have an issue

Search URL Search Domain Scan URL

URL: https://guides.github.com/features/mastering-markdown/
Title: Markdown

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
folleon.com/ 29 KB
9 KB 403ms
380ms Document
text/html 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

60587774adc5341f5efaac71365d41bdce0d4d9f6d21b5dbcf22770dc4a20dfe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /
pragma: no-cache
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: folleon.com
:scheme: https
:method: GET
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
set-cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313; expires=Wed, 24-Apr-19 19:48:33 GMT; path=/; domain=.folleon.com; HttpOnly; Secure
cf-ray: 410b168cecc797c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 main.38ed5476.css
folleon.com/static/css/ 65 KB
9 KB 122ms
121ms Stylesheet
text/css 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/static/css/main.38ed5476.css

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0b76036be9f4bcba1eed72d56daa0a0518f1056de3709e0aaa0b446b28e82216

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static/css/main.38ed5476.css
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Apr 2018 04:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"10478-162f60382c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b168f5fc597c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 account_photo_512.jpg
api.folleon.com/1/files/29/ 73 KB
74 KB 440ms
431ms Image
image/jpeg 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/29/account_photo_512.jpg

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4f1342508dcec2f3fb6d84fb4b8248698ad0537b31cd59bfc4f541ddd33caa7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/29/account_photo_512.jpg
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b168f5fd397c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 me.png
api.folleon.com/1/files/34/ 70 KB
71 KB 9ms
9ms Image
image/png 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/34/me.png

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

687d59e4dfc0ea1cb4088a142f4e1cc6562f9ae612eef0c72009fa400eeb9853

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/34/me.png
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b169018d397c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 icon_blog.png
api.folleon.com/1/files/31/ 7 KB
8 KB 8ms
8ms Image
image/png 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/31/icon_blog.png

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af286ac242b093d1f7c7efea48f4ae9eaebc6f3da0fb2dcf0ca8071263329bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/31/icon_blog.png
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b169018d497c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 main.b2ba4457.js Show response
folleon.com/static/js/ 621 KB
165 KB 111ms
110ms Script
application/javascript 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/static/js/main.b2ba4457.js

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

afc5ddfadc7a50e5fbc60298adcf0d4bda6d69453aa64410f3c97ddd0a6157f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static/js/main.b2ba4457.js
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Apr 2018 04:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"9b292-162f60382c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b168f5fc997c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Roboto-Regular.665b409f.woff2
folleon.com/static/media/ 63 KB
64 KB 65ms
63ms Font
application/font-woff2 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/static/media/Roboto-Regular.665b409f.woff2

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

364103bc6bf5b67d5297c758dd3f07ebdcb05f33d36291cb6d0549fb51e78659

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static/media/Roboto-Regular.665b409f.woff2
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
origin: https://folleon.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: folleon.com
referer: https://folleon.com/static/css/main.38ed5476.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://folleon.com/static/css/main.38ed5476.css
Origin: https://folleon.com

Response headers

date: Tue, 24 Apr 2018 19:48:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
content-length: 64752
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Apr 2018 04:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"fcf0-162f60382c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=0
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
accept-ranges: bytes
cf-ray: 410b169018df97c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Roboto-Italic.3b18064c.woff2
folleon.com/static/media/ 69 KB
70 KB 78ms
77ms Font
application/font-woff2 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/static/media/Roboto-Italic.3b18064c.woff2

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6f38df01006c0959ec892994c63a66578c4380dd179bcab7f166511df4422922

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static/media/Roboto-Italic.3b18064c.woff2
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
origin: https://folleon.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: folleon.com
referer: https://folleon.com/static/css/main.38ed5476.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://folleon.com/static/css/main.38ed5476.css
Origin: https://folleon.com

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
content-length: 70180
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Apr 2018 04:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"11224-162f60382c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=0
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
accept-ranges: bytes
cf-ray: 410b169018e197c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Roboto-Bold.213e41ae.woff2
folleon.com/static/media/ 63 KB
64 KB 111ms
111ms Font
application/font-woff2 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://folleon.com/static/media/Roboto-Bold.213e41ae.woff2

Requested by

Host: folleon.com
URL: https://folleon.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

de6f62c798f4ded375ac0963d17d281254a91029a44209f3b9c68d4d4ec514ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /static/media/Roboto-Bold.213e41ae.woff2
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
origin: https://folleon.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: folleon.com
referer: https://folleon.com/static/css/main.38ed5476.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://folleon.com/static/css/main.38ed5476.css
Origin: https://folleon.com

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-powered-by: Express
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
content-length: 64804
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Apr 2018 04:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"fd24-162f60382c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=0
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
accept-ranges: bytes
cf-ray: 410b169018e397c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 posts Show response
api.folleon.com/1/ 13 KB
6 KB 176ms
156ms XHR
application/json 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://api.folleon.com/1/posts?globalFeed

Requested by

Host: folleon.com
URL: https://folleon.com/static/js/main.b2ba4457.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6070a270260ddc1da53d1eeb64b636e897d94454ba1811b9df3457daf8a491e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/posts?globalFeed
pragma: no-cache
origin: https://folleon.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Accept: application/json, text/plain, */*
Referer: https://folleon.com/
Origin: https://folleon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
status: 200
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3460-1uoiSTljYTEXHYVxb1zJb/0QF2E"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
set-cookie: __cfduid=d581ec27ef126cb7df96df5427f0853771524599314; expires=Wed, 24-Apr-19 19:48:34 GMT; path=/; domain=.folleon.com; HttpOnly; Secure
cf-ray: 410b16918fe69700-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Screenshot_20180418-190903.png
api.folleon.com/1/files/42/ 348 KB
349 KB 62ms
61ms Image
image/png 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/42/Screenshot_20180418-190903.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a2ae3e64dc61f0396be74d6024034c3edfe84bc60197379f8acae9155b63b1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/42/Screenshot_20180418-190903.png
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b16932c2597c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Screenshot_20180418-172722_Firefox_Klar.jpg
api.folleon.com/1/files/41/ 412 KB
413 KB 15ms
14ms Image
image/jpeg 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/41/Screenshot_20180418-172722_Firefox_Klar.jpg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a406c61fa879d99036b6689e1ca6cc0f587cc2b4a400ccbe0c2262af8264dcf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/41/Screenshot_20180418-172722_Firefox_Klar.jpg
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b16932c2797c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Security_issue_with_DemoSCOPE.png
api.folleon.com/1/files/37/ 362 KB
363 KB 45ms
44ms Image
image/png 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/37/Security_issue_with_DemoSCOPE.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

75d302ce56b5720ca084b415c505548d443a05964cc91d2c40f42877ba4e17d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/37/Security_issue_with_DemoSCOPE.png
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b16932c2c97c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

GET
H2 200 Stadt_Gossau_will_nur_elektronisch_informieren.png
api.folleon.com/1/files/40/ 87 KB
89 KB 446ms
445ms Image
image/png 104.31.67.11
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.folleon.com/1/files/40/Stadt_Gossau_will_nur_elektronisch_informieren.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.67.11 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dae53e89d4b8b905b26c7a8fbe09f6052d9a607e2ef765b599b5dc5a37c80815

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /1/files/40/Stadt_Gossau_will_nur_elektronisch_informieren.png
pragma: no-cache
cookie: __cfduid=d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: api.folleon.com
referer: https://folleon.com/
:scheme: https
:method: GET
Referer: https://folleon.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Tue, 24 Apr 2018 19:48:34 GMT
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-dns-prefetch-control: off
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-download-options: noopen
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
cf-ray: 410b16933c4497c2-FRA
access-control-allow-headers: Authorization, Origin, Accept, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| core object| __core-js_shared__ number| 2f1acc6c3a606b082e5eef5e54414ffb

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.folleon.com/	1970-01-19 00:15:35	Name: __cfduid Value: d31b22a6c314b2afebf9ddf8d3cb9f9d81524599313

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://folleon.com/static/js/main.b2ba4457.js(Line 1) Message: Could not read the state from local storage:
console-api	error	URL: https://folleon.com/static/js/main.b2ba4457.js(Line 1) Message: Could not write the state to local storage:
console-api	error	URL: https://folleon.com/static/js/main.b2ba4457.js(Line 1) Message: Could not write the state to local storage:
console-api	error	URL: https://folleon.com/static/js/main.b2ba4457.js(Line 1) Message: Could not write the state to local storage:
console-api	log	URL: https://folleon.com/static/js/main.b2ba4457.js(Line 1) Message: Content is cached for offline use.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' https://checkout.stripe.com; connect-src 'self' https://api.folleon.com wss://api.folleon.com https://checkout.stripe.com; worker-src 'self'; img-src 'self' https://api.folleon.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.folleon.com
folleon.com
104.31.67.11
0b76036be9f4bcba1eed72d56daa0a0518f1056de3709e0aaa0b446b28e82216
1af286ac242b093d1f7c7efea48f4ae9eaebc6f3da0fb2dcf0ca8071263329bd
2a2ae3e64dc61f0396be74d6024034c3edfe84bc60197379f8acae9155b63b1f
364103bc6bf5b67d5297c758dd3f07ebdcb05f33d36291cb6d0549fb51e78659
60587774adc5341f5efaac71365d41bdce0d4d9f6d21b5dbcf22770dc4a20dfe
6070a270260ddc1da53d1eeb64b636e897d94454ba1811b9df3457daf8a491e9
687d59e4dfc0ea1cb4088a142f4e1cc6562f9ae612eef0c72009fa400eeb9853
6f38df01006c0959ec892994c63a66578c4380dd179bcab7f166511df4422922
75d302ce56b5720ca084b415c505548d443a05964cc91d2c40f42877ba4e17d6
7a406c61fa879d99036b6689e1ca6cc0f587cc2b4a400ccbe0c2262af8264dcf
a4f1342508dcec2f3fb6d84fb4b8248698ad0537b31cd59bfc4f541ddd33caa7
afc5ddfadc7a50e5fbc60298adcf0d4bda6d69453aa64410f3c97ddd0a6157f0
dae53e89d4b8b905b26c7a8fbe09f6052d9a607e2ef765b599b5dc5a37c80815
de6f62c798f4ded375ac0963d17d281254a91029a44209f3b9c68d4d4ec514ed

folleon.com Open in urlscan Pro 104.31.67.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

1753 kBTransfer

2282 kBSize

1 Cookies

15 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

1 Cookies

5 Console Messages

Security Headers

Indicators

folleon.com Open in urlscan Pro
104.31.67.11 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1753 kB
Transfer

2282 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions