urlscan.io logo urlscan.io
SecurityTrails logo

auth.deloitte.direct Open in urlscan Pro
52.57.237.215  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://deloitte.direct/
Effective URL: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Submission: On June 06 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 52.57.237.215, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is auth.deloitte.direct.
TLS certificate: Issued by Amazon on January 3rd 2022. Valid for: a year.
This is the only time auth.deloitte.direct was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 13.32.123.37 16509 (AMAZON-02)
1 7 143.204.98.41 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 52.57.237.215 16509 (AMAZON-02)
2 18.64.119.107 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
17 6
2    13.32.123.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-123-37.hel50.r.cloudfront.net
deloitte.direct
7    143.204.98.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-41.fra50.r.cloudfront.net
portal.deloitte.direct
4    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    52.57.237.215 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-237-215.eu-central-1.compute.amazonaws.com
auth.deloitte.direct
2    18.64.119.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-119-107.txl50.r.cloudfront.net
assets.deloitte.direct
1    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
13 deloitte.direct
deloitte.direct
portal.deloitte.direct
auth.deloitte.direct
assets.deloitte.direct
2 MB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 42
3 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
20 KB
1 gstatic.com
fonts.gstatic.com
17 KB
17 4
Domain Requested by
7 portal.deloitte.direct 1 redirects portal.deloitte.direct
4 fonts.googleapis.com portal.deloitte.direct
auth.deloitte.direct
2 assets.deloitte.direct auth.deloitte.direct
2 auth.deloitte.direct portal.deloitte.direct
auth.deloitte.direct
2 www.google-analytics.com portal.deloitte.direct
www.google-analytics.com
2 deloitte.direct 2 redirects
1 fonts.gstatic.com fonts.googleapis.com
17 7

This site contains links to these domains. Also see Links.

Domain
privacy.deloitte.direct
Subject Issuer Validity Valid
*.fulll.io
Amazon		 2022-01-06 -
2023-02-04		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Frame ID: D6CC334295F7D57F721F02AE1BEEFC93
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmelden | DeloitteDirect

Page URL History Show full URLs

  1. http://deloitte.direct/ HTTP 301
    https://deloitte.direct/ HTTP 301
    http://portal.deloitte.direct/ HTTP 301
    https://portal.deloitte.direct/ Page URL
  2. https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

100 %
HTTPS

43 %
IPv6

4
Domains

7
Subdomains

6
IPs

2
Countries

2143 kB
Transfer

8065 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://deloitte.direct/ HTTP 301
    https://deloitte.direct/ HTTP 301
    http://portal.deloitte.direct/ HTTP 301
    https://portal.deloitte.direct/ Page URL
  2. https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://deloitte.direct/ HTTP 301
  • https://deloitte.direct/ HTTP 301
  • http://portal.deloitte.direct/ HTTP 301
  • https://portal.deloitte.direct/

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
portal.deloitte.direct/
Redirect Chain
  • http://deloitte.direct/
  • https://deloitte.direct/
  • http://portal.deloitte.direct/
  • https://portal.deloitte.direct/
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8e6c49127e64196c874cf62836244792116758a9f1a413df00bc430999c9ce45
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
58078
content-encoding
gzip
content-security-policy
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
content-type
text/html
date
Mon, 06 Jun 2022 00:55:20 GMT
etag
W/"b1383ea70134904dd92dcd5b191516a1"
feature-policy
fullscreen *
last-modified
Thu, 02 Jun 2022 14:58:27 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
x-amz-cf-id
jjSPAzcd2yjXm6k5GrC6mCPmlg8Qo60AogHIDDMliq4HkDhfrkOXpQ==
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
183
Content-Type
text/html
Date
Mon, 06 Jun 2022 17:03:16 GMT
Location
https://portal.deloitte.direct/
Server
CloudFront
Via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
X-Amz-Cf-Id
pWU8yfClALEtGnQMECWB20WYYKm7I9YN1Skoed5IpIPL0fEhfbgybg==
X-Amz-Cf-Pop
FRA50-C1
X-Cache
Redirect from cloudfront
icon
fonts.googleapis.com/ 		1 KB
941 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
07dbac7aeedb38dde3d94063a748819deb0d1cc5cc24f8c044b54bb8fe157c0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 06 Jun 2022 17:03:17 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 06 Jun 2022 17:03:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Jun 2022 17:03:17 GMT
css
fonts.googleapis.com/ 		16 KB
960 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,300italic,600italic,400italic
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6ba82f06e601f539ab8684531ba473a814c590aa8b947384070716ce5c2babd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 06 Jun 2022 17:03:17 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 06 Jun 2022 17:03:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Jun 2022 17:03:17 GMT
css2
fonts.googleapis.com/ 		2 KB
649 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Source+Sans+Pro&display=swap
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8bc3192e7e3add5994afa668aef8bb024a247b361c1f9e3cddd0791b34db77b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 06 Jun 2022 16:38:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 06 Jun 2022 17:03:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Jun 2022 17:03:17 GMT
2.051a02d8.chunk.css
portal.deloitte.direct/static/css/ 		300 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/static/css/2.051a02d8.chunk.css
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a6b8804e0efe9157b0a6d672d184d876a220181f4e3bc9578746b24f03da349e
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.deloitte.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 04:41:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
age
44520
x-cache
Hit from cloudfront
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 02 Jun 2022 14:58:32 GMT
server
AmazonS3
etag
W/"19fd4872600ee695be4dbd1112d7f587"
vary
Accept-Encoding
content-type
text/css
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
feature-policy
fullscreen *
content-security-policy
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
GUuYukV24MgLiNmRxEcpERklAReqmq3JHGuiR0OSyXBKs1mJdb_pyQ==
main.a580d784.chunk.css
portal.deloitte.direct/static/css/ 		9 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/static/css/main.a580d784.chunk.css
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
130f5b9739bd058dc9df9ebc569f553e8d185466598cc6abba37a9df272363d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.deloitte.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 15:11:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
age
6683
x-cache
Hit from cloudfront
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 02 Jun 2022 14:58:32 GMT
server
AmazonS3
etag
W/"1ed849a95502e2897d2465c5f55e5d71"
vary
Accept-Encoding
content-type
text/css
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
feature-policy
fullscreen *
content-security-policy
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
BsK6oW8FBVWeuCcFMifGFxEojbQvEIAZ5u2F7JMx74nzPsNE7fx12Q==
2.a0b78d17.chunk.js
portal.deloitte.direct/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/static/js/2.a0b78d17.chunk.js
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f2a2ccd5b9f2916822f9880a084d52035d18494a54ac2964c71ff4392cbf4db2
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.deloitte.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 02 Jun 2022 14:58:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
age
353062
x-cache
Hit from cloudfront
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 02 Jun 2022 14:58:35 GMT
server
AmazonS3
etag
W/"44a3c856420e934fb2831add790d14ad"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
cache-control
max-age=31557600
feature-policy
fullscreen *
content-security-policy
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
5lraXrU0iBIbRAA5oFZRIy2A99rQGu9GV8U_3zWzOFcN0E17kJ3X_A==
main.a7b5ec66.chunk.js
portal.deloitte.direct/static/js/ 		562 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/static/js/main.a7b5ec66.chunk.js
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5116d4c05ef3cfdd8af20a0fd79ad6f1d943b4e29f1633263b527b1f88c11ca8
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.deloitte.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 02 Jun 2022 14:58:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
age
353062
x-cache
Hit from cloudfront
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 02 Jun 2022 14:58:35 GMT
server
AmazonS3
etag
W/"fa6703a48a5a4930ae181d8b5b6ba22f"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
cache-control
max-age=31557600
feature-policy
fullscreen *
content-security-policy
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
YxttxfU89vraLrU3xNzrnJFB54RyZlcmoI5CN_j0ar7Ugl5G0kvU8Q==
me.json
portal.deloitte.direct/api/_proxy/auth/api/v2/ 		2 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://portal.deloitte.direct/api/_proxy/auth/api/v2/me.json
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/static/js/2.a0b78d17.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-41.fra50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.deloitte.direct/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
all
x-amz-cf-pop
FRA50-C1
x-recruiting
Like HTTP headers? Come write ours https://www.inextenso.digital/careers/
x-cache
Error from cloudfront
content-length
2
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
date
Mon, 06 Jun 2022 17:03:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
cache-control
no-cache, no-store
feature-policy
fullscreen *
x-amz-cf-id
69_QC1aSQD-1Y-kseZpvCbxrSW2YcYhaUMMxwVrcwqtRB0D9BofZQA==
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/static/js/main.a7b5ec66.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5312
date
Mon, 06 Jun 2022 15:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 06 Jun 2022 17:34:46 GMT
Primary Request /
auth.deloitte.direct/ 		4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Requested by
Host: portal.deloitte.direct
URL: https://portal.deloitte.direct/static/js/2.a0b78d17.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.237.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-237-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
91046aed7d3d5d695338363bdaa038c05915d69728db675c4d085b1b5ceda2f8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1368
Content-Security-Policy
default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
Content-Type
text/html; charset=UTF-8
Date
Mon, 06 Jun 2022 17:03:18 GMT
Expires
Mon, 06 Jun 2022 17:03:18 GMT
Feature-Policy
fullscreen *
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
all
X-Recruiting
Like HTTP headers? Come write ours https://www.inextenso.digital/careers/
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/j/ 		2 B
211 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=366918808&t=pageview&_s=1&dl=https%3A%2F%2Fportal.deloitte.direct%2F&ul=en-us&de=UTF-8&dt=DeloitteDirect&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1939986428&gjid=1973912615&cid=1262588819.1654534998&tid=UA-76418422-8&_gid=316058226.1654534998&_r=1&_slc=1&cd1=direct&cd2=prod&cd3=https%3A%2F%2Fportal.deloitte.direct&z=251194286
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 06 Jun 2022 17:03:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://portal.deloitte.direct
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ 		3 KB
630 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: auth.deloitte.direct
URL: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
55475f690303f28766cea7ae2214bca689adb1d19426a636ae5f812d30ed88aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 06 Jun 2022 15:29:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 06 Jun 2022 17:03:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Jun 2022 17:03:18 GMT
style-bridge.css
auth.deloitte.direct/css/ 		16 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.deloitte.direct/css/style-bridge.css
Requested by
Host: auth.deloitte.direct
URL: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.237.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-237-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
8cac25cd5cfc64d4a2501461d8ab5e3fd27d4f21aa5d7898f4c713b1ded07119
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; img-src 'self' https://*.fulll.ninja https://*.fulll.house https://*.fulll.io https://*.deloitte.direct https://*.ibizapps.cloud https://*.inexweb.fr https://chart.googleapis.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://brandspace.deloitte.com; object-src 'none'
Content-Encoding
gzip
ETag
"3f31-5df1fbf3d5040-gzip"
X-Permitted-Cross-Domain-Policies
all
X-Recruiting
Like HTTP headers? Come write ours https://www.inextenso.digital/careers/
Connection
keep-alive
Content-Length
4106
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Mon, 16 May 2022 11:58:49 GMT
X-Frame-Options
SAMEORIGIN
Date
Mon, 06 Jun 2022 17:03:18 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css
Cache-Control
public
Feature-Policy
fullscreen *
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
logo_auth.png
assets.deloitte.direct/buro/themes/auth/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.deloitte.direct/buro/themes/auth/logo_auth.png
Requested by
Host: auth.deloitte.direct
URL: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-107.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03c189de44ba3d6a33074b2616cb31ae6d6fe149883d8e214840b6ba89474466

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 17:03:19 GMT
via
1.1 d9a3650110a8e2b78edd73b33e0fa948.cloudfront.net (CloudFront)
last-modified
Fri, 24 Dec 2021 13:49:53 GMT
server
AmazonS3
x-amz-cf-pop
TXL50-P4
etag
"47d50a25bae70125b0451e94d168dd78"
x-cache
RefreshHit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
7326
x-amz-cf-id
sfg_K8tuncYnrQtvtp4O0J3J2eHBOhOSaft4oaLkN0mMtY7zBHrNWg==
image_auth.gif
assets.deloitte.direct/buro/themes/auth/ 		266 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.deloitte.direct/buro/themes/auth/image_auth.gif
Requested by
Host: auth.deloitte.direct
URL: https://auth.deloitte.direct/?redirect_success=https%3A%2F%2Fportal.deloitte.direct%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-107.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4cd5e43d524dabe8e0d940ba685a34c9378e5f5c8c54582753ef6c67a5f9cbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 17:03:19 GMT
via
1.1 d9a3650110a8e2b78edd73b33e0fa948.cloudfront.net (CloudFront)
last-modified
Fri, 24 Dec 2021 13:49:53 GMT
server
AmazonS3
x-amz-cf-pop
TXL50-P4
etag
"8933b4136a3317de264ebada3f651712"
x-cache
Miss from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
272027
x-amz-cf-id
KFv2g_ledTA-gGYTyH_vVuggwb0mQHK2VjaGl4ewTSTgKt8v_p2n5w==
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v29/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9434dddcdf38e072b039bb92f9e90639ec0e0563e8ff51604a60d91830c29289
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://auth.deloitte.direct
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 30 May 2022 19:06:05 GMT
x-content-type-options
nosniff
age
597433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16720
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:25:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 May 2023 19:06:05 GMT

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation

4 Cookies

Domain/Path Name / Value
.deloitte.direct/ Name: _ga
Value: GA1.2.1262588819.1654534998
.deloitte.direct/ Name: _gid
Value: GA1.2.316058226.1654534998
.deloitte.direct/ Name: _gat
Value: 1
auth.deloitte.direct/ Name: PHPSESSID
Value: 7c50abb2a338518e6ff63e4b769f4435

1 Console Messages

Source Level URL
Text
network error URL: https://portal.deloitte.direct/api/_proxy/auth/api/v2/me.json
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block