urlscan.io logo urlscan.io
SecurityTrails logo

my.friday.app Open in urlscan Pro
143.204.98.85  Public Scan

Go To Rescan Add Verdict Report
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuV...
Submission: On October 30 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 1 countries across 15 domains to perform 47 HTTP transactions. The main IP is 143.204.98.85, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is my.friday.app.
TLS certificate: Issued by Amazon on August 11th 2021. Valid for: a year.
This is the only time my.friday.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 143.204.98.85 16509 (AMAZON-02)
2 142.250.185.202 15169 (GOOGLE)
1 143.204.98.82 16509 (AMAZON-02)
3 143.204.98.3 16509 (AMAZON-02)
6 142.250.185.78 15169 (GOOGLE)
2 157.240.20.19 32934 (FACEBOOK)
1 104.16.19.94 13335 (CLOUDFLAR...)
3 142.250.186.78 15169 (GOOGLE)
2 142.250.185.67 15169 (GOOGLE)
2 157.240.20.35 32934 (FACEBOOK)
2 143.204.98.36 16509 (AMAZON-02)
1 66.102.1.155 15169 (GOOGLE)
2 54.187.119.242 16509 (AMAZON-02)
1 142.250.186.36 15169 (GOOGLE)
1 142.250.186.163 15169 (GOOGLE)
2 52.42.231.203 16509 (AMAZON-02)
3 143.204.98.61 16509 (AMAZON-02)
4 143.204.101.200 16509 (AMAZON-02)
1 142.250.186.74 ()
47 20
7    143.204.98.85 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-85.fra50.r.cloudfront.net
my.friday.app
2    142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
fonts.googleapis.com
1    143.204.98.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-82.fra50.r.cloudfront.net
r.wdfl.co
3    143.204.98.3 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-3.fra50.r.cloudfront.net
js.stripe.com
6    142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net
maps.google.com
2    157.240.20.19 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net
connect.facebook.net
1    104.16.19.94 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
3    142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net
www.google-analytics.com
2    142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net
fonts.gstatic.com
2    157.240.20.35 (United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-frt3.facebook.com
www.facebook.com
2    143.204.98.36 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-36.fra50.r.cloudfront.net
m.stripe.network
1    66.102.1.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f155.1e100.net
stats.g.doubleclick.net
2    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
1    142.250.186.36 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f4.1e100.net
www.google.com
1    142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net
www.google.de
2    52.42.231.203 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-231-203.us-west-2.compute.amazonaws.com
m.stripe.com
3    143.204.98.61 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-61.fra50.r.cloudfront.net
beacon-v2.helpscout.net
4    143.204.101.200 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-200.fra50.r.cloudfront.net
d3hb14vkzrxvla.cloudfront.net
1    142.250.186.74 (None, )

ASN- ()
maps.googleapis.com
Domain Requested by
7 my.friday.app my.friday.app
6 maps.google.com my.friday.app
maps.google.com
4 d3hb14vkzrxvla.cloudfront.net cdnjs.cloudflare.com
3 beacon-v2.helpscout.net my.friday.app
beacon-v2.helpscout.net
3 www.google-analytics.com my.friday.app
cdnjs.cloudflare.com
3 js.stripe.com my.friday.app
js.stripe.com
2 m.stripe.com m.stripe.network
2 q.stripe.com my.friday.app
2 m.stripe.network js.stripe.com
m.stripe.network
2 www.facebook.com my.friday.app
2 fonts.gstatic.com fonts.googleapis.com
2 connect.facebook.net my.friday.app
connect.facebook.net
2 fonts.googleapis.com my.friday.app
1 maps.googleapis.com maps.google.com
1 www.google.de my.friday.app
1 www.google.com my.friday.app
1 stats.g.doubleclick.net cdnjs.cloudflare.com
1 cdnjs.cloudflare.com my.friday.app
1 r.wdfl.co my.friday.app
47 19

This site contains no links.

Subject Issuer Validity Valid
*.friday.app
Amazon		 2021-08-11 -
2022-09-09		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
r.wdfl.co
Amazon		 2020-12-02 -
2021-12-31		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2021-10-21 -
2022-02-02		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-08-08 -
2021-11-06		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
*.stripe.com
DigiCert SHA2 Secure Server CA		 2021-09-08 -
2022-09-07		 a year crt.sh
www.google.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-20 -
2022-02-02		 3 months crt.sh
*.helpscout.net
Amazon		 2021-04-25 -
2022-05-24		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh

This page contains 3 frames:

Primary Page: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Frame ID: 532573579796843CBEE122D460C0DBF9
Requests: 38 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Frame ID: CB974F5E60EF2F17940D502FE9D048C1
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: A15F317BFD005A2052D4F70883F85E6D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Friday

Page Statistics

47
Requests

98 %
HTTPS

0 %
IPv6

15
Domains

19
Subdomains

20
IPs

1
Countries

3346 kB
Transfer

12132 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
my.friday.app/ 		11 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d0f1ce92b5948a1a4337387597f7dc1f056cbd3c6a4ee01d3390addcbacbaaf4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
referrer-policy
origin
content-encoding
gzip
date
Sat, 30 Oct 2021 00:10:44 GMT
cache-control
max-age=3600
etag
W/"cce57a31a108998d83cd83ae14f4f181"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
dw2pU9uy7gshMw6d1Nnbr910j8gAQqnKUbgMl5r-Q85JV8C4Q8OMYA==
icon
fonts.googleapis.com/ 		569 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 00:10:44 GMT
server
ESF
date
Sat, 30 Oct 2021 00:10:44 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Sat, 30 Oct 2021 00:10:44 GMT
rw.js
r.wdfl.co/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://r.wdfl.co/rw.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-82.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
573daf0aaf4913b33e9abd520d0436f65bdbf6237d15feb6ca43387f556e1a3f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:37 GMT
content-encoding
gzip
last-modified
Wed, 27 Oct 2021 22:09:49 GMT
server
AmazonS3
age
28
etag
W/"e0e35447d722fa9a57bef21be7b44d3f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
KsqT09Dc-cKTvhzjtQx3fGyvBW6JtlbhtWYK2NYlmI4st7BunEyc8Q==
/
js.stripe.com/v3/ 		264 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.3 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-3.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
02d8d2f855650796fbd318fc7608b4e224e3c16a303b5d1d898dd40484ceb56c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:43 GMT
content-encoding
gzip
age
3
x-amz-meta-cache-control
max-age=300
x-cache
Hit from cloudfront
x-amz-meta-metadata-headers-enabled
true
x-amz-meta-vary
Accept-Encoding
last-modified
Fri, 29 Oct 2021 00:22:18 GMT
x-amz-meta-access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
P7ATN7ZVD6APRGRW
x-amz-id-2
LJ5TueS4m4e6uTdhv60nyf623Shn5hKfumk5cwnbsiwVRiFxPhktBKZRUgrjQUvB5YHKov+Aux0=
access-control-allow-origin
*
x-amz-meta-timing-allow-origin
*
server
AmazonS3
x-amz-meta-strict-transport-security
max-age=31556926; includeSubDomains; preload
etag
W/"0c84be7f1ce80168dc3e99deb4b58fa9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cache-control
max-age=60
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
1UULY8ySvxji2zPcEaOzt3zT7HKxkAKn5EM62IpZJVYtx1U6Tgm16g==
x-amz-meta-x-content-type-options
nosniff
js
maps.google.com/maps/api/ 		152 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
mafe /
Resource Hash
483dba7044bc964ad20047cb3fd72aeb13024b27683a6f6f15e45c19863656e3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:45 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=23
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50878
x-xss-protection
0
expires
Sat, 30 Oct 2021 00:40:45 GMT
2.8e8e9778.chunk.css
my.friday.app/static/css/ 		61 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/css/2.8e8e9778.chunk.css
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55f98f481b49fd9746dd5bbd2da3e00e14fcb38bc85a6d18e02c686e2560a1f7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
3066
x-cache
Hit from cloudfront
date
Fri, 29 Oct 2021 23:19:39 GMT
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"5c35d7352899efa7721ad06453daf304"
vary
Accept-Encoding
content-type
text/css
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
qjMVNSUfbRBAQfxJpVOAYQMfINQe6jvtiyEwTOelEry2jgB6TTADiQ==
main.7ece0175.chunk.css
my.friday.app/static/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/css/main.7ece0175.chunk.css
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c8bbe715224845fc6da2525dbeabe3e1ac727dc6958d7e034d0d99d4398053da
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
3066
x-cache
Hit from cloudfront
date
Fri, 29 Oct 2021 23:19:39 GMT
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"8c1724c85add07d7696feae1bc878930"
vary
Accept-Encoding
content-type
text/css
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
IruOJq6CqHMvkOGgV_x7hzAvJDfx-Ymhe0qkh7sI-eeg1LRDjh1nGw==
2.e957c97a.chunk.js
my.friday.app/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/js/2.e957c97a.chunk.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aa4bbe15fcb1e709ceed7516ac764941cf92383d72ee9bf2f4f40b939917b03c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
date
Sat, 30 Oct 2021 00:10:44 GMT
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"9289b8041b000adf70be8a0e4de3f3b2"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-id
HNTBGKjmGrHUSj3idQMNLKU3VlwlRhPnTCL4B5mvEz7JaOTREgsWAA==
main.d6e53394.chunk.js
my.friday.app/static/js/ 		2 MB
659 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/js/main.d6e53394.chunk.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d498f8114f63c0924c5feb758275060e2439d7aa61d4d0c9d3e6e21bed4388bc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
date
Sat, 30 Oct 2021 00:10:44 GMT
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"6d1b365f21c70a974cb6eaf96e3a9106"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-id
18It2dAfVvbjUyVUbnTKOGylfRS25h0H7Ty2xPWneWexjL-a6AppLw==
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.19 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25967
x-xss-protection
0
pragma
public
x-fb-debug
Q49f4XM+Bp27xsSXT6aE6SmB09l1Zc/bYAh7/sENIoXh+3H8sN5N1WDch70SQy1vMM1aomPTQ896C5K2fz7Row==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 30 Oct 2021 00:10:45 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
rollbar.min.js
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/ 		73 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
976276e6b8e6b093abfe1a756a4efec5b0faec3710523c28ddaeff6a0dd6ec0a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://my.friday.app/
Origin
https://my.friday.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
744583
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
19937
timing-allow-origin
*
last-modified
Fri, 24 Jul 2020 00:32:32 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f1a2c20-1247c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BkPnqUFcYETooqRzuqO7PfkIgurFbm4rB6v2yR3wz%2FqzkQ%2BF9ON8u97sX2rq4AaJMEEM8SfEEabG8ip2GFr5n%2BpYw7uZeqFk%2Fu4eYCD9gvNT8BIRNADggp3EYncaXMVaw7q%2FOhtB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a606c1ffa9afaf6-DUS
expires
Thu, 20 Oct 2022 00:10:45 GMT
css
fonts.googleapis.com/ 		4 KB
612 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=DM+Sans:400,400i,500,500i,700,700i&display=swap
Requested by
Host: my.friday.app
URL: https://my.friday.app/static/css/main.7ece0175.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
13749f5c9699919bdb871c3d5084a838e1aa64867a65e3ab58d87e4401c2c0da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 23:44:23 GMT
server
ESF
date
Sat, 30 Oct 2021 00:10:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Sat, 30 Oct 2021 00:10:45 GMT
1253764815065465
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1253764815065465?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.20.19 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
c6533c8b1fb5b46a289a0ed8122ec1eeeefc28d0628e7c7d5b0219fb6a38d648
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
1eszHHDXM+1Ddp1kQf63JFzop+lxjpGB49m/VwWSwD9aHJ2YWKJosLybENWimSa+JWpxPCwFkcuO6Odmow1Ycg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sat, 30 Oct 2021 00:10:45 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
common.js
maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/ 		77 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
sffe /
Resource Hash
9d96ff4f1cf3939a19a9bf79c7bbd035753e8bd5f2cf8a0b49267d3196c70f2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 18:57:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28839
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 18:48:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="maps-api-js"
expires
Thu, 27 Oct 2022 18:57:32 GMT
util.js
maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/ 		295 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
sffe /
Resource Hash
62c088bd6e4ab63ad1613aa47036e723560ee2a05d916b8cbbe230d44ac65df0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 18:57:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92440
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 18:48:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="maps-api-js"
expires
Thu, 27 Oct 2022 18:57:32 GMT
controls.js
maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/ 		92 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/controls.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
sffe /
Resource Hash
6fcd3b55a02c2ba27c82c142cbe3166076d31be5425a1b9335f5c94fd3dbd413
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 18:58:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191557
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28231
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 18:48:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="maps-api-js"
expires
Thu, 27 Oct 2022 18:58:08 GMT
places_impl.js
maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/ 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/places_impl.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
sffe /
Resource Hash
914c9d22c7d7d69741ac11c93645bfc000aa807a9aa0f4a775a046f28a8aa88e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 18:59:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191447
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18998
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 18:48:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="maps-api-js"
expires
Thu, 27 Oct 2022 18:59:58 GMT
geocoder.js
maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/geocoder.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
sffe /
Resource Hash
7c7b6e7ec82afa6307a934a46304eaa72f982c07b835642a2e1b484de4fa1143
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 18:58:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191532
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1775
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 18:48:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="maps-api-js"
expires
Thu, 27 Oct 2022 18:58:33 GMT
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/static/js/2.e957c97a.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Oct 2021 23:24:02 GMT
server
Golfe2
age
579
date
Sat, 30 Oct 2021 00:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Sat, 30 Oct 2021 02:01:06 GMT
truncated
/ 		38 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/webp
new-wordmark.88b8d73d.svg
my.friday.app/static/media/ 		6 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.friday.app/static/media/new-wordmark.88b8d73d.svg
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a5276794b3e250a74001b6e048b7f13d0c864019cdfd35ba7db738fbfbf5132b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
3058
x-cache
Hit from cloudfront
date
Fri, 29 Oct 2021 23:19:48 GMT
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:05 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"5181e4bb793c407ca07a9aec3147fc9e"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
uC5MctyEvn5B6Ci5fNMMEOM1r1W7CtEJnSqrr6TTMtcu-J-pTZi7wA==
today.541fb303.png
my.friday.app/static/media/ 		169 KB
171 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.friday.app/static/media/today.541fb303.png
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-85.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
144d18968c420ef8e9d696727bca41a03cc2b1cc6ac269b27c431ce6239c7aa4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-cache
RefreshHit from cloudfront
date
Sat, 30 Oct 2021 00:10:46 GMT
content-length
173194
x-xss-protection
1; mode=block
referrer-policy
origin
last-modified
Fri, 29 Oct 2021 16:35:06 GMT
server
AmazonS3
x-frame-options
DENY
etag
"949fc02f2ab0275237c4e399ff109ceb"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=3600
x-amz-cf-id
0ScJOUU5_FuERhI8ia50jfFW4FsUAHlTMLJOA2v2FwJ327953e9rKQ==
2c582646-9685-4bee-b953-8ed577da58fc
https://my.friday.app/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://my.friday.app/2c582646-9685-4bee-b953-8ed577da58fc
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85d93ad1b553fdcec1439466ac02092cdc62e0250f2e2a1d11d779cc8a75f1e5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Length
7679
m-outer-f7902241893e7a497417843cb15dc858.html
js.stripe.com/v3/ Frame CB97 		240 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.3 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-3.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/

Response headers

content-type
text/html; charset=utf-8
content-length
240
x-amz-id-2
FqXR8znoRvgK4ZFhoEYA2OR/hB9HKLwKfZPKpxk6dKXJJsEtSV3v1HtfVkRuNJXWBdwW+AMg7hw=
x-amz-request-id
QM745D1G71Q46BKT
last-modified
Wed, 27 Oct 2021 22:19:31 GMT
x-amz-meta-access-control-allow-origin
*
x-amz-meta-x-content-type-options
nosniff
x-amz-meta-cache-control
max-age=31536000
x-amz-meta-strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-meta-metadata-headers-enabled
true
x-amz-meta-content-security-policy
default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
x-amz-meta-timing-allow-origin
*
x-amz-meta-vary
Accept-Encoding
accept-ranges
bytes
server
AmazonS3
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
access-control-allow-origin
*
content-security-policy
default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
date
Sat, 30 Oct 2021 00:10:41 GMT
cache-control
max-age=60
etag
"f7902241893e7a497417843cb15dc858"
x-cache
Hit from cloudfront
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
q4vEkwwzvKuSY8iseFBQcMRXImxI_c_ged_sYfKZQsYnbgcN1NJtQw==
age
4
rP2Cp2ywxg089UriAWCrCBimCw.woff2
fonts.gstatic.com/s/dmsans/v6/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/dmsans/v6/rP2Cp2ywxg089UriAWCrCBimCw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Sans:400,400i,500,500i,700,700i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://my.friday.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 29 Oct 2021 02:58:09 GMT
x-content-type-options
nosniff
age
76356
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18296
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:00:23 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 29 Oct 2022 02:58:09 GMT
rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v6/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/dmsans/v6/rP2Hp2ywxg089UriCZOIHQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Sans:400,400i,500,500i,700,700i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
951a3b8ec1c6a0ae2767a3bb90ba6995397c5d13bd7ff79ea0bc87529b8024ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://my.friday.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 28 Oct 2021 22:54:53 GMT
x-content-type-options
nosniff
age
90952
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18076
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:00:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 28 Oct 2022 22:54:53 GMT
/
www.facebook.com/tr/ 		44 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1253764815065465&ev=PageView&dl=https%3A%2F%2Fmy.friday.app%2Fusers%2Fsign_in&rl=&if=false&ts=1635552645943&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1635552645942.1260011072&it=1635552645145&coo=false&rqm=GET
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.35 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-frt3.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:45 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sat, 30 Oct 2021 00:10:45 GMT
m-outer-639174098ea8fe7fede6fa654790e8ec.js
js.stripe.com/v3/fingerprinted/js/ Frame CB97 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.3 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-3.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-meta-cache-control
max-age=300
content-encoding
gzip
age
14
x-cache
Hit from cloudfront
x-amz-meta-metadata-headers-enabled
true
x-amz-meta-vary
Accept-Encoding
date
Sat, 30 Oct 2021 00:10:32 GMT
last-modified
Mon, 25 Oct 2021 19:35:20 GMT
x-amz-meta-access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
4R9XKSGJ4PF1Z3DP
x-amz-id-2
wxzITH25NP7kKPAakFT55FPvLeqmr2dNXB26h3nfd8usZ7v+zKUkADUDZd4CzaDY2aGPmL/c2kc=
access-control-allow-origin
*
x-amz-meta-timing-allow-origin
*
server
AmazonS3
x-amz-meta-strict-transport-security
max-age=31556926; includeSubDomains; preload
etag
W/"5213886b88cd72e6d0aebc89868e5d13"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cache-control
max-age=60
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
46y8UYENi1Ussun6zwNycMuyrDhm-Y4aQ8YzUdx-jk7kXKUxuYG9Rg==
x-amz-meta-x-content-type-options
nosniff
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=200470174&t=pageview&_s=1&dl=https%3A%2F%2Fmy.friday.app%2Fusers%2Fsign_in&dp=%2F&ul=en-us&de=windows-1252&dt=Friday&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1644746929&gjid=844542903&cid=2054521462.1635552646&tid=UA-72003232-1&_gid=1062344739.1635552646&_r=1&_slc=1&z=697157197
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://my.friday.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 30 Oct 2021 00:10:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.friday.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=200470174&t=pageview&_s=2&dl=https%3A%2F%2Fmy.friday.app%2Fusers%2Fsign_in&dp=%2Fusers%2Fsign_in&ul=en-us&de=windows-1252&dt=Friday&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=&gjid=&cid=2054521462.1635552646&tid=UA-72003232-1&_gid=1062344739.1635552646&z=1996614043
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 29 Oct 2021 13:19:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
39102
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
inner.html
m.stripe.network/ Frame A15F 		932 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/

Response headers

content-type
text/html; charset=utf-8
content-length
932
date
Sat, 30 Oct 2021 00:05:58 GMT
accept-ranges
bytes
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
x-content-type-options
nosniff
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report
cache-control
max-age=300, public
content-security-policy
connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
sKUaAiRS2wP_t7gqYWh4p0X4wlG1O8SSdyj9jHYIjlAHm3XwBEgxng==
age
289
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72003232-1&cid=2054521462.1635552646&jid=1644746929&gjid=844542903&_gid=1062344739.1635552646&_u=YEBAAEAAAAAAAC~&z=1074946848
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.102.1.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wb-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://my.friday.app/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 30 Oct 2021 00:10:46 GMT
content-type
text/plain
access-control-allow-origin
https://my.friday.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
csp-report
q.stripe.com/ Frame A15F 		0
120 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 30 Oct 2021 00:10:46 GMT
x-envoy-upstream-service-time
1
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
csp-report
q.stripe.com/ Frame A15F 		0
121 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 30 Oct 2021 00:10:46 GMT
x-envoy-upstream-service-time
1
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
out-4.5.41.js
m.stripe.network/ Frame A15F 		85 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.41.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:06:35 GMT
content-encoding
br
x-content-type-options
nosniff
server
Cloudfront
age
252
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=300, public
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
vary
Accept-Encoding,Accept-Encoding
x-amz-cf-id
srpkYWIoKhspsjztkjhXmV-zS5SEQy5BnZraIN2g9v44KQ46Hq0G3A==
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72003232-1&cid=2054521462.1635552646&jid=1644746929&_u=YEBAAEAAAAAAAC~&z=423239127
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Oct 2021 00:10:46 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72003232-1&cid=2054521462.1635552646&jid=1644746929&_u=YEBAAEAAAAAAAC~&z=423239127
Requested by
Host: my.friday.app
URL: https://my.friday.app/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Oct 2021 00:10:46 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6
m.stripe.com/ Frame A15F 		156 B
517 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-231-203.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
3aabfe6737b2356a7f567f2e61b5203ebd070087149435a467be75c813be73d7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 30 Oct 2021 00:10:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type
/
beacon-v2.helpscout.net/ 		293 B
626 B 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/
Requested by
Host: my.friday.app
URL: https://my.friday.app/?vero_conv=UCz3yX9QZ7jieMGhn-Z1yzLiYfcH6_IuFAXGLBS1ZyduoxmqVPVs3jasbAL38Jvj6LRmR7s6etwXVbmYqZSuVLVJkFtmBdL7WxVVynPQ9wA=&vero_id=186007
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a08b5b49f425ccaf260b57c66bfb00a4557a57854452b8f6225e0c7c1eab0073

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:41 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 10:42:41 GMT
server
AmazonS3
age
9
etag
"c21ba4a011f18bb77a3a918ed59a21ec"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
cache-control
max-age=120, s-maxage=120, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
242
x-amz-cf-id
_E-WPvBgUoMIDa5XRtgu5TEPtRUqrTR-lbX2AhT3pt86P3itO8Pzng==
vendor.010d7a5e.js
beacon-v2.helpscout.net/static/js/ 		701 KB
196 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/static/js/vendor.010d7a5e.js
Requested by
Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a074af155394fb0b3d5ed8bb8204dfb6450cbf6278c785da41237df21f685675

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 29 Oct 2021 22:42:56 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 10:42:42 GMT
server
AmazonS3
age
5271
etag
"378eb5b9501b31ce45c3d9dfd48250e2"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
cache-control
max-age=315360000, s-maxage=7200, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
199654
x-amz-cf-id
Wt3l9bVGq--Kr6Zq1XnMO2rgQHpTEDP_t-j2BFym8jG__T1RC6UedQ==
main.aa5db19a.js
beacon-v2.helpscout.net/static/js/ 		256 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/static/js/main.aa5db19a.js
Requested by
Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7bcaeb9ab4d9901f116a979aba4b149a5e47095310707565586558034d51f63b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 29 Oct 2021 23:43:56 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 10:42:42 GMT
server
AmazonS3
age
1612
etag
"5314d04c2594fd78c108a4c0e7d70d1f"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
cache-control
max-age=315360000, s-maxage=7200, public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
65285
x-amz-cf-id
lU42GrNcdCMMAjG9Xjuepe3VJXcItjhaakdqd-5JtdpYIVi70YSJRQ==
e58ed224-f22d-43af-b700-204812e1f325
d3hb14vkzrxvla.cloudfront.net/v1/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.200 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-200.fra50.r.cloudfront.net
Software
/
Resource Hash
758e458fb2e7c412a9214541bde1aeb710e74c8715fdaa81cadaa93de7a4e3a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

correlationId
77234e85-50fd-4a7d-ae16-3ceba519aaf7
Helpscout-Release
2.1.96
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my.friday.app/
Beacon-Device-ID
98232c61-0182-4b12-b999-5c6117ec6ec3
Helpscout-Origin
Beacon-Embed

Response headers

date
Sat, 30 Oct 2021 00:10:46 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-ratelimit-remaining-general-minute
150
x-cache
Miss from cloudfront
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-conversations-hour
25
vary
Origin,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour
25
access-control-allow-origin
https://my.friday.app
access-control-expose-headers
Resource-ID
cache-control
max-age=300
access-control-allow-credentials
true
content-type
application/json
x-amz-cf-id
fKdkXYbzJTs4wPbnWxW5n82_bFC4XdY-ZGO8QCXvhaC9PJx4qGpf1g==
x-ratelimit-limit-attachments-hour
25
x-ratelimit-limit-chat-tokens-hour
50
e58ed224-f22d-43af-b700-204812e1f325
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.200 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-200.fra50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Sat, 30 Oct 2021 00:10:46 GMT
access-control-allow-origin
https://my.friday.app
access-control-allow-methods
GET
access-control-allow-headers
beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-credentials
true
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour
25
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-chat-tokens-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-general-minute
150
x-ratelimit-limit-attachments-hour
25
x-ratelimit-remaining-attachments-hour
25
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin,Access-Control-Request-Method
x-cache
Miss from cloudfront
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
Q3oguhpvrrzNvwiHITbzKzg2IQn6ZRRMgI9pRD9G8QvzUxxKf0UCMQ==
agents
d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/ 		390 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/agents
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.200 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-200.fra50.r.cloudfront.net
Software
/
Resource Hash
5973bacb967256014b11cba8e58a3a6e2801f2bd059067360cf58bd6b02a1d12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

correlationId
92fc1375-22b3-4582-a9e1-fd29183ac96b
Helpscout-Release
2.1.96
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my.friday.app/
Beacon-Device-ID
98232c61-0182-4b12-b999-5c6117ec6ec3
Helpscout-Origin
Beacon-Embed

Response headers

date
Sat, 30 Oct 2021 00:10:46 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-ratelimit-remaining-general-minute
150
x-cache
Miss from cloudfront
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-conversations-hour
25
vary
Origin,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour
25
access-control-allow-origin
https://my.friday.app
access-control-expose-headers
Resource-ID
cache-control
max-age=600
access-control-allow-credentials
true
content-type
application/json
x-amz-cf-id
7WVrcBp7BvQLc9sOGDIpU_pxciSWBtBoaaFXd8J1tx-ptUxVOk3jOw==
x-ratelimit-limit-attachments-hour
25
x-ratelimit-limit-chat-tokens-hour
50
agents
d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/agents
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.200 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-200.fra50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Sat, 30 Oct 2021 00:10:46 GMT
access-control-allow-origin
https://my.friday.app
access-control-allow-methods
GET
access-control-allow-headers
beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-expose-headers
Resource-ID
access-control-allow-credentials
true
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour
25
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-chat-tokens-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-general-minute
150
x-ratelimit-limit-attachments-hour
25
x-ratelimit-remaining-attachments-hour
25
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin,Access-Control-Request-Method
x-cache
Miss from cloudfront
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
syysYRDEFXKBN7mtOswZNtjlJOhQHNhRr8c2nqgGErnzhzoIDivxiA==
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1253764815065465&ev=Microdata&dl=https%3A%2F%2Fmy.friday.app%2Fusers%2Fsign_in&rl=&if=false&ts=1635552647446&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Friday%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1635552645942.1260011072&it=1635552645145&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.20.35 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-frt3.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 30 Oct 2021 00:10:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Sat, 30 Oct 2021 00:10:47 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ 		62 B
457 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fmy.friday.app%2Fusers%2Fsign_in&4sAIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&callback=_xdc_._hsbobv&key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&token=101647
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/46/11/intl/de_ALL/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.74 -, , ASN (),
Reverse DNS
Software
mafe /
Resource Hash
4d748ec4ab499246eb0f580de7977d3da21550922258a755ff2df11258ea962d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Oct 2021 00:10:50 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment
server-timing
gfet4t7; dur=37
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6
m.stripe.com/ Frame A15F 		156 B
515 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-231-203.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
3aabfe6737b2356a7f567f2e61b5203ebd070087149435a467be75c813be73d7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 30 Oct 2021 00:10:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| _rwq function| rewardful function| Beacon function| fbq function| _fbq boolean| _rewardful_loaded function| Rewardful object| google object| module$exports$mapsapi$util$event object| module$contents$mapsapi$overlay$overlayView_OverlayView object| _rollbarConfig object| _rollbarShims object| _rollbarWrappedError function| _rollbarURH object| Rollbar function| rollbar function| setCookie function| getCookie object| webpackJsonpfriday number| _rollbarStartTime boolean| _rollbarDidLoad boolean| _rollbarInitialized object| __webpackStripeJSv3Jsonp function| Stripe function| setImmediate function| clearImmediate object| regeneratorRuntime object| __APOLLO_CLIENT__ function| moment object| filestackInternals object| __SENTRY__ function| applyFocusVisiblePolyfill number| 2f1acc6c3a606b082e5eef5e54414ffb object| core string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| beaconJsonp object| HSDSPortalWrapperGlobalManager function| __onBeaconDestroy object| beaconStore

8 Cookies

Domain/Path Name / Value
.friday.app/ Name: _fbp
Value: fb.1.1635552645942.1260011072
.friday.app/ Name: _ga
Value: GA1.2.2054521462.1635552646
.friday.app/ Name: _gid
Value: GA1.2.1062344739.1635552646
.friday.app/ Name: _gat
Value: 1
.facebook.com/ Name: fr
Value: 0Pbhd2nC1keY7wHXq..BhfI2F...1.0.BhfI2F.
m.stripe.com/ Name: m
Value: ea26978a-9c87-4980-a5ee-126c446966b4dc4347
.my.friday.app/ Name: __stripe_mid
Value: 3e33d2b5-c2d9-4950-8d9e-f4e85ba7ec57a5a3e4
.my.friday.app/ Name: __stripe_sid
Value: 9572a8ac-fb2c-4b7c-a0f9-7ddd4b2858fbb5bb61

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com https://*.uploadcare.com https://dns.google.com https://api.sprig.com https://r.wdfl.co https://api.getrewardful.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://cdn.sprig.com https://*.joinspace.co https://r.wdfl.co https://connect.facebook.net/; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beacon-v2.helpscout.net
cdnjs.cloudflare.com
connect.facebook.net
d3hb14vkzrxvla.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.google.com
maps.googleapis.com
my.friday.app
q.stripe.com
r.wdfl.co
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
104.16.19.94
142.250.185.202
142.250.185.67
142.250.185.78
142.250.186.163
142.250.186.36
142.250.186.74
142.250.186.78
143.204.101.200
143.204.98.3
143.204.98.36
143.204.98.61
143.204.98.82
143.204.98.85
157.240.20.19
157.240.20.35
52.42.231.203
54.187.119.242
66.102.1.155
02d8d2f855650796fbd318fc7608b4e224e3c16a303b5d1d898dd40484ceb56c
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13749f5c9699919bdb871c3d5084a838e1aa64867a65e3ab58d87e4401c2c0da
144d18968c420ef8e9d696727bca41a03cc2b1cc6ac269b27c431ce6239c7aa4
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
3aabfe6737b2356a7f567f2e61b5203ebd070087149435a467be75c813be73d7
483dba7044bc964ad20047cb3fd72aeb13024b27683a6f6f15e45c19863656e3
4d748ec4ab499246eb0f580de7977d3da21550922258a755ff2df11258ea962d
55f98f481b49fd9746dd5bbd2da3e00e14fcb38bc85a6d18e02c686e2560a1f7
573daf0aaf4913b33e9abd520d0436f65bdbf6237d15feb6ca43387f556e1a3f
5973bacb967256014b11cba8e58a3a6e2801f2bd059067360cf58bd6b02a1d12
62c088bd6e4ab63ad1613aa47036e723560ee2a05d916b8cbbe230d44ac65df0
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
6fcd3b55a02c2ba27c82c142cbe3166076d31be5425a1b9335f5c94fd3dbd413
758e458fb2e7c412a9214541bde1aeb710e74c8715fdaa81cadaa93de7a4e3a2
7bcaeb9ab4d9901f116a979aba4b149a5e47095310707565586558034d51f63b
7c7b6e7ec82afa6307a934a46304eaa72f982c07b835642a2e1b484de4fa1143
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85d93ad1b553fdcec1439466ac02092cdc62e0250f2e2a1d11d779cc8a75f1e5
8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5
914c9d22c7d7d69741ac11c93645bfc000aa807a9aa0f4a775a046f28a8aa88e
951a3b8ec1c6a0ae2767a3bb90ba6995397c5d13bd7ff79ea0bc87529b8024ea
976276e6b8e6b093abfe1a756a4efec5b0faec3710523c28ddaeff6a0dd6ec0a
9d96ff4f1cf3939a19a9bf79c7bbd035753e8bd5f2cf8a0b49267d3196c70f2c
a074af155394fb0b3d5ed8bb8204dfb6450cbf6278c785da41237df21f685675
a08b5b49f425ccaf260b57c66bfb00a4557a57854452b8f6225e0c7c1eab0073
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
a5276794b3e250a74001b6e048b7f13d0c864019cdfd35ba7db738fbfbf5132b
aa4bbe15fcb1e709ceed7516ac764941cf92383d72ee9bf2f4f40b939917b03c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c
c6533c8b1fb5b46a289a0ed8122ec1eeeefc28d0628e7c7d5b0219fb6a38d648
c8bbe715224845fc6da2525dbeabe3e1ac727dc6958d7e034d0d99d4398053da
cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b
d0f1ce92b5948a1a4337387597f7dc1f056cbd3c6a4ee01d3390addcbacbaaf4
d498f8114f63c0924c5feb758275060e2439d7aa61d4d0c9d3e6e21bed4388bc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62