urlscan.io logo urlscan.io
SecurityTrails logo

login.t7r.dev Open in urlscan Pro
2606:4700::6812:4b0  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth.t7r.dev/
Effective URL: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL...
Submission: On July 08 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2606:4700::6812:4b0, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.t7r.dev.
TLS certificate: Issued by WE1 on June 17th 2024. Valid for: 3 months.
This is the only time login.t7r.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.120.195.249 396982 (GOOGLE-CL...)
1 34.96.102.137 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 4
8    2606:4700::6812:4b0 (United States)

ASN13335 (CLOUDFLARENET, US)
auth.t7r.dev
login.t7r.dev
auth-analytics.t7r.dev
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o268643.ingest.sentry.io
1    34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com
dev.visualwebsiteoptimizer.com
1    2606:4700::6812:5b0 (United States)

ASN13335 (CLOUDFLARENET, US)
login-api.t7r.dev
Apex Domain
Subdomains		 Transfer
9 t7r.dev
auth.t7r.dev
login.t7r.dev
auth-analytics.t7r.dev
login-api.t7r.dev
379 KB
1 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5046
810 B
1 sentry.io
o268643.ingest.sentry.io
299 B
10 3
Domain Requested by
5 login.t7r.dev login.t7r.dev
2 auth-analytics.t7r.dev login.t7r.dev
1 login-api.t7r.dev login.t7r.dev
1 dev.visualwebsiteoptimizer.com login.t7r.dev
1 o268643.ingest.sentry.io login.t7r.dev
1 auth.t7r.dev 1 redirects
10 6

This site contains no links.

Subject Issuer Validity Valid
t7r.dev
WE1		 2024-06-17 -
2024-09-15		 3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2		 2024-06-29 -
2025-07-31		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Frame ID: D5E91D99E1D71288771BD4F41CE119E6
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

TrueLayer - Connect your bank account

Page URL History Show full URLs

  1. https://auth.t7r.dev/ HTTP 302
    https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_... Page URL

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

6
Subdomains

4
IPs

1
Countries

379 kB
Transfer

1389 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth.t7r.dev/ HTTP 302
    https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request error
login.t7r.dev/
Redirect Chain
  • https://auth.t7r.dev/
  • https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Q...
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d75decf6b04a1a08bd21af00b682ce97a68d8b22711754784e531dd1b21f15b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8a015d8def5e3a5a-FRA
content-encoding
br
content-security-policy
default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
content-type
text/html; charset=utf-8
date
Mon, 08 Jul 2024 16:14:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFSmXmLMYRYYT2kNAKqYxq2B4T%2B6usBAEMInhTIIqFFJbxpqtSsgqxTGKe7j6xy49JFGhNtldU7o5I%2BoCISVM82%2BhAJtnN79RkFzLMn%2FYnke2ji%2BDDi7PXHUXcCGsFAT7O3o3oksuW2FPaR%2B"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
8a015d8cddd33a5a-FRA
content-length
0
content-security-policy
default-src 'self' 'unsafe-inline';object-src 'none';img-src 'self';script-src browser.sentry-cdn.com 'self' 'unsafe-inline';font-src 'self' data:;connect-src https://auth-analytics.t7r.dev o405187.ingest.sentry.io 'self';frame-ancestors 'none';frame-src 'none'; report-uri https://o405187.ingest.sentry.io/api/5270399/security/?sentry_key=447b2da781e64a34bcb0d7e6e3857e08
date
Mon, 08 Jul 2024 16:14:06 GMT
location
https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
tl-mix-1
eyJ0bC5jbGllbnQuaWQiOm51bGwsInRsLmxhdGVuY3kuZXh0ZXJuYWxfZGVwZW5kZW5jeV9tcyI6bnVsbCwidGwuYXBpLnJlbGVhc2Vfc3RhZ2UiOm51bGwsInRsLmNvbm5lY3Rpdml0eS5wcm92aWRlci5yZWxlYXNlX3N0YWdlIjpudWxsLCJlcnJvci50bC5zbGlfdHlwZSI6ImludmFsaWRfcmVxdWVzdF9lcnJvciJ9
tl-trace-id
a36bb3b6d134b1237ea6e54d36396177
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
x-request-id
5327041e-6cee-477b-b6fa-772e101a9a51
x-tl-correlation-id
5327041e-6cee-477b-b6fa-772e101a9a51
x-xss-protection
1; mode=block
env-config.js
login.t7r.dev/ 		19 B
363 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login.t7r.dev/env-config.js?22bd952620e73e62d86765ede09875ad
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1bcdf3f05094b1d345ac4e53d4da539c8c0d0e55c308c92c8997046a9090690
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
content-length
19
x-xss-protection
1; mode=block
referrer-policy
no-referrer
server
cloudflare
etag
"eb8fa14f92f085a6fbd37a6d8858ee98"
x-frame-options
allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EJBWNVN6RFTGdMKGcnRvWRbz7cKWyLOMuOpOyBcHfspHGW1X5f%2B%2Bbp1PZSwTHOfe64eNYbVnv8MiRqkx2QPSA4yrRQTvF8q5PnF24itqrcVvRQPUwUYhZpxnUh8QcuM%2BUTkl5CSl6%2Fm8hQL8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8a015d8f093c3a5a-FRA
main.e24f95bd.js
login.t7r.dev/static/js/ 		1 MB
346 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.t7r.dev/static/js/main.e24f95bd.js
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df02d639126ace65cc569bb4b0d0649e96b03db7cccc3148e82aea9098f5b65c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
content-encoding
gzip
x-xss-protection
1; mode=block
referrer-policy
no-referrer
server
cloudflare
etag
W/"cb319b67a3a93fd7e29aa9730e6c426e"
x-frame-options
allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D7aA%2BBb95m9e86nQQRNuiY8vvWAORHynN6CZOPfr2W4ruQVwqEdynYCHvIyCBKWnmbLODrXnX%2B9lV001%2FZUuFrM1TwLwdZB7lxpiz5qiAmXl6HOwhjWI%2FZUr4AQtM77yHU%2B7qE9HSLrV62ty"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
vary
Accept-Encoding
cf-ray
8a015d8f093f3a5a-FRA
main.d1311b03.css
login.t7r.dev/static/css/ 		165 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.t7r.dev/static/css/main.d1311b03.css
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6439d261980a293f3174c20ce6bc2a94b35596adb53f3d3257bae5d983fdfa0a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
content-encoding
gzip
x-xss-protection
1; mode=block
referrer-policy
no-referrer
server
cloudflare
etag
W/"cc1962336a5f8b41eb0a268d5667e2b0"
x-frame-options
allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdiyWozXBKH%2BKISmovkLO95eWYKI0VDTnS63Q9rGRQ64gd9Y6QKXtKRgkewQbaeAuWXv0%2Bp87%2FT6uuaCaJBh0OnrNQaqKqLfuZBtr7k9GKxnJwRmzDSV8ukilmkibbIsNY9czkwJ9pG%2BeSz2"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
vary
Accept-Encoding
cf-ray
8a015d8f093b3a5a-FRA
event
auth-analytics.t7r.dev/api/ 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth-analytics.t7r.dev/api/event
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/error?errorId=CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud&requestId=5327041e-6cee-477b-b6fa-772e101a9a51
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 08 Jul 2024 16:14:08 GMT
content-security-policy
default-src 'none'; frame-ancestors 'none'
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-allow-origin
https://login.t7r.dev
x-tl-correlation-id
f1a32a7e-0b67-45b9-a230-899b6f1e7ec6
access-control-allow-credentials
true
cache-control
no-store
cf-ray
8a015d9379e303f4-FRA
content-length
0
x-xss-protection
1; mode=block
event
auth-analytics.t7r.dev/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth-analytics.t7r.dev/api/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://login.t7r.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://login.t7r.dev
cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
8a015d9288a403f4-FRA
content-security-policy
default-src 'none'; frame-ancestors 'none'
date
Mon, 08 Jul 2024 16:14:07 GMT
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin
x-content-type-options
nosniff
x-tl-correlation-id
0f0cad42-9a5d-4adb-acd8-53e932265a89
x-xss-protection
1; mode=block
/
o268643.ingest.sentry.io/api/5285290/envelope/ 		2 B
299 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o268643.ingest.sentry.io/api/5285290/envelope/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76&sentry_version=7
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/static/js/main.e24f95bd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://login.t7r.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
favicon-32x32.png
login.t7r.dev/ 		3 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://login.t7r.dev/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b44d32f86415278471646495e6191527ca418e5647c47bee73b63bec501aef7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
content-length
2724
x-xss-protection
1; mode=block
referrer-policy
no-referrer
server
cloudflare
etag
"f7d00785af665c4188fd702c233d3f5b"
x-frame-options
allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzGWkAiD9LjNlDojRTI1h5tZL6LDj6iFkgbvqXq4Ty0J4IYZNIdyhTifnTBH4x4L8x2%2Fy3sNtIMUokOld9kUq7duWMWm%2F8SyYEf0DSNMmJxq0naTjSm6Y4v2F3xOdgj1vXqjKNCcKvSLAytD"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8a015d91acff3a5a-FRA
settings
dev.visualwebsiteoptimizer.com/server-side/ 		2 KB
810 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/server-side/settings?a=661882&i=772e6f41c4032b15de0c0d352bb2f80d&r=0.4280409771473228&platform=server&sdk=vwo-javascript-sdk&sdk-v=1.41.1
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/static/js/main.e24f95bd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
9f391b97bd31dc95f88781f5cb346c13ee46b228ffa4cefe4aade1ad76b375ff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:06 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1720447866_EA"
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yy...
login-api.t7r.dev/api/v1/errors/ 		53 B
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://login-api.t7r.dev/api/v1/errors/CfDJ8DMYPIJPq0tGgEdHOTv4jKr_zzYAeWCh1zugX9sP3H_JdOjys44Ao4tR0_v2U-cL7JoBgQxxU6ZXgL1RUYRQC6TUMX-aLXIPNnnyRigiqoVIB_MBeQ6_qGnFYL3xVOpEUElMyBop6SzsnIBJmDsi8aSbIBA8Qg6hg1aIp9Ler9GGrkyhxEsB44UCfwz0sL_yyRr5JPH6d5ER7c1e9-a22RQG56MwzSJ9x6J6FyhMbkud
Requested by
Host: login.t7r.dev
URL: https://login.t7r.dev/static/js/main.e24f95bd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c5eed5a6abed8263856d6ebc9327e9fb913604454b4772950271152f45d7ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 16:14:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
content-encoding
br
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://login.t7r.dev
access-control-expose-headers
x-tl-correlation-id
x-tl-correlation-id
87a90489-b7f5-49b9-a4a1-0b19cdbb8209
cache-control
no-store
cf-ray
8a015d926a3ca076-FRA
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _env_ string| url string| href object| payload object| xhr string| data object| webpackChunkauth_dialog_spa object| __SENTRY__ function| _ object| FontAwesomeConfig object| ___FONT_AWESOME___

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://payment.truelayer.com https://truelayer-client-logos.s3-eu-west-1.amazonaws.com https://truelayer-client-logos.s3.amazonaws.com https://truelayer-public-assets.s3.amazonaws.com https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://auth-analytics.truelayer.com https://auth-analytics.t7r.dev https://auth-analytics.truelayer-sandbox.com https://auth.truelayer.com https://auth.t7r.dev https://auth.truelayer-sandbox.com https://login-api.t7r.dev https://login-api.truelayer-sandbox.com https://login-api.truelayer.com https://o268643.ingest.sentry.io https://dev.visualwebsiteoptimizer.com ;img-src 'self' https: data: blob:;frame-ancestors https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de https://login.truelayer-sandbox.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self' data:;frame-src 'none';object-src 'none';report-uri https://o268643.ingest.sentry.io/api/5285290/security/?sentry_key=a3b1c5cebf524d7990f58607d84a9f76;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://console.t7r.dev https://console.truelayer-sandbox.com https://console.truelayer.com https://*.amazon.com https://dev-dsk-kubman-1a-92e7b020.eu-west-1.amazon.com:* https://de-development.amazon.com https://amazon.de https://www.amazon.de
X-Xss-Protection 1; mode=block