urlscan.io logo urlscan.io
SecurityTrails logo

www.bahn.de Open in urlscan Pro
2a02:26f0:4700::17d4:6e8b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Effective URL: https://www.bahn.de/404
Submission: On September 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 4 domains to perform 66 HTTP transactions. The main IP is 2a02:26f0:4700::17d4:6e8b, located in Prague, Czech Republic and belongs to AKAMAI-ASN1, NL. The main domain is www.bahn.de. The Cisco Umbrella rank of the primary domain is 50559.
TLS certificate: Issued by R11 on August 28th 2024. Valid for: 3 months.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
42 2a02:26f0:470... 20940 (AKAMAI-ASN1)
7 2a02:26f0:480... 20940 (AKAMAI-ASN1)
7 2600:9000:20e... 16509 (AMAZON-02)
1 2 81.200.195.195 34156 (BAHN-AS-BLN)
1 1 85.14.248.91 24961 (MYLOC-AS ...)
1 2a02:6ea0:c70... 60068 (CDN77 _)
7 2600:9000:275... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
66 8
42    2a02:26f0:4700::17d4:6e8b (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
www.bahn.de
7    2a02:26f0:480:23::1726:62b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.static-bahn.de
7    2600:9000:20eb:4000:c:198:5740:93a1 (United States)

ASN16509 (AMAZON-02, US)
cms.static-bahn.de
2    81.200.195.195 (Stuttgart, Germany)

ASN34156 (BAHN-AS-BLN, DE)
accounts.bahn.de
1    85.14.248.91 (Germany)

ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE)
at.bahn.de
1    2a02:6ea0:c700::107 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
cdn-at.bahn.de
7    2600:9000:275d:9400:1b:1f8f:6780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ucm-eu.verint-cdn.com
1    2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.optimizely.com
Apex Domain
Subdomains		 Transfer
46 bahn.de
www.bahn.de — Cisco Umbrella Rank: 50559
accounts.bahn.de — Cisco Umbrella Rank: 93525
at.bahn.de — Cisco Umbrella Rank: 87114
cdn-at.bahn.de — Cisco Umbrella Rank: 299851
421 KB
14 static-bahn.de
assets.static-bahn.de — Cisco Umbrella Rank: 117556
cms.static-bahn.de — Cisco Umbrella Rank: 133259
405 KB
7 verint-cdn.com
ucm-eu.verint-cdn.com — Cisco Umbrella Rank: 93613
66 KB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1007
2 KB
66 4
Domain Requested by
42 www.bahn.de www.bahn.de
cms.static-bahn.de
7 ucm-eu.verint-cdn.com cms.static-bahn.de
ucm-eu.verint-cdn.com
7 cms.static-bahn.de www.bahn.de
cms.static-bahn.de
7 assets.static-bahn.de www.bahn.de
2 accounts.bahn.de 1 redirects www.bahn.de
1 cdn.optimizely.com www.bahn.de
1 cdn-at.bahn.de
1 at.bahn.de 1 redirects
66 8
Subject Issuer Validity Valid
www.bahn.de
R11		 2024-08-28 -
2024-11-26		 3 months crt.sh
subsites.bahn.de
R10		 2024-08-28 -
2024-11-26		 3 months crt.sh
cms.static-bahn.de
Amazon RSA 2048 M03		 2024-08-23 -
2025-09-21		 a year crt.sh
idm.dbv.service.deutschebahn.com
R11		 2024-08-13 -
2024-11-11		 3 months crt.sh
verint-cdn.com
Amazon RSA 2048 M03		 2024-06-06 -
2025-07-06		 a year crt.sh
cdn.optimizely.com
WE1		 2024-08-23 -
2024-11-21		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.bahn.de/404
Frame ID: B6323CF25CA7CE39120468913232F4B4
Requests: 81 HTTP requests in this frame

Frame: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Frame ID: FEA2C3ED671959100BA5252CC0AD55F5
Requests: 1 HTTP requests in this frame

Frame: https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
Frame ID: F8C8E54FCD7CD8BD92703F6EBF5F5428
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Fehler 404 - Seite nicht gefunden

Page URL History Show full URLs

  1. http://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml HTTP 307
    https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml Page URL
  2. https://www.bahn.de/404 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • vue[.-]([\d.]*\d)[^/]*\.js
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

66
Requests

98 %
HTTPS

75 %
IPv6

4
Domains

8
Subdomains

8
IPs

3
Countries

1146 kB
Transfer

2101 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml HTTP 307
    https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml Page URL
  2. https://www.bahn.de/404 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml HTTP 307
  • https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Request Chain 53
  • https://at.bahn.de/ccrm HTTP 302
  • https://cdn-at.bahn.de/1x1.gif
Request Chain 69
  • https://accounts.bahn.de/auth/realms/db/protocol/openid-connect/auth?redirect_uri=https%3A%2F%2Fwww.bahn.de%2F.resources%2Fbahn-common-light%2Fwebresources%2Fassets%2Fhtml%2Fauth.v1.html&client_id=kf_web&response_type=code&state=cOCyNSW9h3&scope=openid%20vendo&response_mode=fragment&prompt=none&code_challenge=Yk0q1fTnvOXlv0rKl0YFclcAS8uYAljPGC28d6uH_D4&code_challenge_method=S256 HTTP 302
  • https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html

66 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
_deu.shtml
www.bahn.de//app/_vertraege/_pk/_de/
Redirect Chain
  • http://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
  • https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
369 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
14e08fdf7fe5d7730600a7b84470169ad2ff63685435928a765f89893dc9f0a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=1
content-length
369
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
content-type
text/html
date
Fri, 20 Sep 2024 04:31:53 GMT
etag
"872bdbc376f6afca335d3f1a8f8bed2f"
expires
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Wed, 11 Sep 2024 15:51:56 GMT
server
AmazonS3
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-amz-cf-id
HfznsoV2-j0YAGhbikqvoLrcf7ip1bLAVZRP5utEFBOVRCL1yenr9Q==
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
jDt.msTPqGXGCl4VOF4bJpiwk2uMn5W7
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Location
https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Non-Authoritative-Reason
HttpsUpgrades
Primary Request 404
www.bahn.de/ 		28 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6c07f0f49f7e916013ffb23ff077ad637ca84d74ab6ca83ca41f1192135be9ea
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=1
content-encoding
gzip
content-length
6404
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-type
text/html;charset=UTF-8
date
Fri, 20 Sep 2024 04:31:53 GMT
expires
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Fri, 20 Sep 2024 04:19:05 GMT
server-timing
intid;desc=055207898c0a1e45
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block
favicon.ico
www.bahn.de/ 		5 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2108398
content-encoding
gzip
etag
"1536-61a8354805b40"
x-content-type-options
nosniff
expires
Mon, 14 Oct 2024 14:11:51 GMT
accept-ranges
bytes
content-length
1002
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:53 GMT
content-type
image/x-icon
last-modified
Mon, 10 Jun 2024 06:33:41 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
asyncServices-91cbb27b.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		350 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/asyncServices-91cbb27b.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
46ce05d42c0ace6157a2a88e54fee3c5de0527ba259f3964c650f4c0b8114e9c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=2616318d31628b95
content-length
219
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 28 Mar 2024 09:15:49 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
auth-6c60cafc.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		157 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-6c60cafc.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9d4b501a133bf42f12e3d7f72ebd02256f587e6227e40794f24f6ce47909ee0e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=7573830b0fafcbd5
content-length
47509
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
main-343f61a4.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		244 KB
144 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/main-343f61a4.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
343f61a4c8f52288d55f9d9cdd9c6d6b69a9db6d19c61a549298cc1705714020
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=d245d31f70f7bdb3
content-length
144647
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
text-image-e0a05c7d.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		760 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/text-image-e0a05c7d.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e0a05c7dfbfab6cac8e00a91f558242e72741a554a4cdc598d02c2e4dd038901
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=6730acc859da0967
content-length
291
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 29 Jan 2024 21:43:25 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
highlight-icon-ebd2c53d.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		29 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/highlight-icon-ebd2c53d.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ebd2c53dc1e1739c079620657c5ac09d27d9772bb325b972d1db0f354774fb19
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=9fbd985dd3e87b23
content-length
8408
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 29 Jan 2024 21:43:25 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
business-b1a3fded.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/business-b1a3fded.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1a3fded96ea035a85bc57354fc31c3020f16ea26a0cd7f83213b446fa4c9c17
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=6145583814794bc5
content-length
1036
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
db-logo.svg
assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/ 		828 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/db-logo.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=7ae50b3cd5c012d5
date
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Mon, 06 May 2024 11:38:03 GMT
content-type
image/svg+xml;charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="db-logo.svg"
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
480
x-xss-protection
1; mode=block
404-Cartoon.png
assets.static-bahn.de/.imaging/focalpoint/251x251/dam/jcr:b09038be-2282-490d-9c4e-58461419b80c/ 		9 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/251x251/dam/jcr:b09038be-2282-490d-9c4e-58461419b80c/404-Cartoon.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
49f664db1c118c321d89b8c0930d030d1c3defbfc72d841aa5f53876e40912b0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
private, no-transform, max-age=1581265
expires
Tue, 08 Oct 2024 11:46:19 GMT
access-control-allow-origin
https://www.bahn.de
content-length
8979
x-serial
444
date
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Tue, 13 Aug 2024 20:40:02 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
sameorigin
social-media-icons-bdbca9eb.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		9 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/social-media-icons-bdbca9eb.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bdbca9ebb7897ae1c6c7a28be71388b2cd67d66cbacb176ed3808310e93c9ed8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=bbc519971973e721
content-length
3671
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Wed, 03 Jul 2024 07:41:40 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
footer-image-bar-21839a74.css
www.bahn.de/.resources/bahn-common-light/webresources/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/footer-image-bar-21839a74.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
21839a7404f2f6c58da0e2eb4dd97153566ade111226822bc05813e05770cafa
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=53aa080c07310187
content-length
481
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
text/css;charset=UTF-8
last-modified
Mon, 22 Apr 2024 13:59:57 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
paypal.svg
assets.static-bahn.de/dam/jcr:41560da4-1f88-47f5-be6a-6a8db627f24f/ 		11 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:41560da4-1f88-47f5-be6a-6a8db627f24f/paypal.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e349f08ef2bbd0b0cbf65b912d0d1a9a6409253b7ab8e979473e0c3ce5deea07
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=c4ca6f85f19be341
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="paypal.svg"
vary
Accept-Encoding
last-modified
Tue, 07 May 2024 07:24:48 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
4621
x-xss-protection
1; mode=block
icon_action_credit-card_1z1_fix.svg
assets.static-bahn.de/dam/jcr:edff799a-7517-4bff-9655-e569cb1269d9/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:edff799a-7517-4bff-9655-e569cb1269d9/icon_action_credit-card_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b61a0d1104a1e7143331130d523d2818cd93b466fbafd28034250ad09f7522
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=a2376f7de041851d
date
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Fri, 22 Dec 2023 12:07:29 GMT
content-type
image/svg+xml;charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="icon_action_credit-card_1z1_fix.svg"
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
1156
x-xss-protection
1; mode=block
icon_action_SEPA_1z1_fix.svg
assets.static-bahn.de/dam/jcr:0850a93d-94a7-4d9c-88b4-23735103fa58/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:0850a93d-94a7-4d9c-88b4-23735103fa58/icon_action_SEPA_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8d5865f67a25e1a395c3acff873f8a053bf8e1ee45028fce3de94348d92c8705
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=0ddef65985980f49
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
image/svg+xml;charset=UTF-8
content-disposition
attachment; filename="icon_action_SEPA_1z1_fix.svg"
vary
Accept-Encoding
last-modified
Tue, 07 May 2024 07:26:17 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de tealium:; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
1567
x-xss-protection
1; mode=block
icon_action_giropay_1z1_fix.svg
assets.static-bahn.de/dam/jcr:65863c1f-5208-4136-9059-fa2be9eef038/ 		7 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:65863c1f-5208-4136-9059-fa2be9eef038/icon_action_giropay_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dfd2a379d47c84d2fb258a52c0dab620bccbb859e30d498946182208bbae2bc6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=ca1feaf29818bd09
date
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Tue, 06 Feb 2024 15:02:10 GMT
content-type
image/svg+xml;charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="icon_action_giropay_1z1_fix.svg"
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
2793
x-xss-protection
1; mode=block
icon_action_apple-pay_1z1_fix.svg
assets.static-bahn.de/dam/jcr:bf72ae9d-3274-4e8a-af14-1b5d88ca5ae7/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.static-bahn.de/dam/jcr:bf72ae9d-3274-4e8a-af14-1b5d88ca5ae7/icon_action_apple-pay_1z1_fix.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:62b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b76a5e8ca4f9a0e58f9eb8b3c80c47dd7cf499386bfd8078f4e842b712324a6f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 04:31:54 GMT
server-timing
intid;desc=150afd989630a2ff
date
Fri, 20 Sep 2024 04:31:54 GMT
last-modified
Tue, 07 May 2024 07:26:41 GMT
content-type
image/svg+xml;charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="icon_action_apple-pay_1z1_fix.svg"
x-frame-options
sameorigin
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2592000
access-control-allow-origin
https://www.bahn.de
content-length
1264
x-xss-protection
1; mode=block
scripts-86882629.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3e8bb0476e689493da63b0c4ccbe1d515cd5bd6246b9a97c852cb85f90d2db48
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=810e214fb7ff8ff3
content-length
16704
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
truncated
/ 		364 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e0c58646f6d51cae4b6a321a4cda8506061527ec8ed23b7bd6ecf3467e99a0e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		455 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80da003d8010021f3babdeafc674e173263d44a224d742b2499ea57e5ef09b19

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8086f37b2fef5219c0b43c66e419e6e1825aabd68be129ed32a07ed15a5a594b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc25addd219ee127babf8f983627baefcceb59f88331ca84d393b9fc619c5e7e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5584fe2257cfa5c4adb5512df868b82272393a03b87f977730f8084b5c393e2c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
initTracking-854c298e.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		11 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initTracking-854c298e.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
88e240baf6987d5efc44757285b2f97a412f6b3dbdac72c3d656fd4046268199
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=f9e95f65ef8c3f37
access-control-allow-origin
*
content-length
4700
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
chunk-XITKSB4Q-8c1b391b.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		26 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/chunk-XITKSB4Q-8c1b391b.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5e7194a3b57cf252592a4dddc97643f4c8c5c0ffdded7ba3f8d1576ae794f0e4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=232078d67ea510e9
access-control-allow-origin
*
content-length
10266
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
vid-ef10c939.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		10 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/vid-ef10c939.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e42ea2fb8ff4efc4ac1a05b6e9838b47298ce4deb0ec04d2fcb728f8b1c8f695
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=81529e9ffcc2a075
access-control-allow-origin
*
content-length
4378
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
initUserContextService-8c8092d6.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		53 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-8c8092d6.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
60365c3d475e36155109b056dc3e877b3fdcd49a3331aba8ba2a3d0a90cda956
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=43933da7c599fdb3
access-control-allow-origin
*
content-length
17598
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
initDataLayer-1ac2185d.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		918 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/initDataLayer-1ac2185d.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4a4ec7f60674089e5e12a8687cacd6350ddb55afde1467473dcf040eb77b237c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=58bd9fb9b83c5ff7
access-control-allow-origin
*
content-length
478
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
isGkAdmin-76ed63b8.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		632 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/isGkAdmin-76ed63b8.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5fe0949ac94f5f03238d344d61f495408aa9c15c3d93d7e9d61c989d17068503
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-6c60cafc.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=c88b527bf22b916b
access-control-allow-origin
*
content-length
400
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
chunk-EL7KQT2E-68f10927.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		147 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/chunk-EL7KQT2E-68f10927.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c3f2f5aea18c861ea7bee0668bae0ab159871b39a8d261105bacb779bb434346
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-6c60cafc.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=b59536aa2153b073
access-control-allow-origin
*
content-length
152
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 30 Aug 2024 07:55:29 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
truncated
/ 		548 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e2fb2fa919688694a9e78981ffe2471094402e3e4b7918038f3eef7e9b07bd5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
385b89f7813e4dbf690ea1864d81549e33592c4e36c1f78de6b929cf7b8dfc66

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb04d2be14960e9c632c828231484563e0ada2c15f8b43ab903328849be6ed61

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b432b7ab78b80c49e0893b5e1fb1c59a4a3341553f9617b628b34efcab3cff4c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a217d4782d409d6a264908367f91ebed4ccd62d8e7a645b68eda7c09e4ab49c9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		516 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
accordion-397b714a.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/accordion-397b714a.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
da0da05878016a8152739782300d7d3fd406eedf4ffab2a70c89b1c21e181141
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=c4a9e3bf0b02441f
content-length
1379
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-popup.vue-1f130a45.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		14 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-popup.vue-1f130a45.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
96ff4b4bdf5cae30c2a9d985fe762e9188aba066ee4a59eb9300617b1f6babe1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=215a01486e10178d
content-length
5231
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
contentTeaserDropdown-1e1c4cc1.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/contentTeaserDropdown-1e1c4cc1.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5b799ccd31a3b42e7cef954f06f3eafb1072334f722874573dd1b9bfbc21a160
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=e1c1a590abe2cafd
access-control-allow-origin
*
content-length
732
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Fri, 30 Aug 2024 07:55:29 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
defineAuthButtonWebComponent-38ff3de9.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b60c822cb7b7adbd1561489f0f381a683518710ededb9f2a9f7409f9d83f4d80
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=61a73d87429905e5
access-control-allow-origin
*
content-length
1853
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
wcagContentLink-c742f10f.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		268 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/wcagContentLink-c742f10f.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8746be007a504a31a049853ffde3017ea0e55c666a0395eda49f9a6b81bbcab7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=6851020f381dc89d
content-length
212
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Mon, 17 Jun 2024 14:42:33 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
index.html
www.bahn.de/.resources/bahn-common/webresources/storage/ Frame FEA2 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initTracking-854c298e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
197be260b9d7d1e294764119d0d174c910b9bf0d15a18ffb9db1df2680b975f3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/404
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=300
content-encoding
gzip
content-length
762
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
content-type
text/html;charset=UTF-8
date
Fri, 20 Sep 2024 04:31:54 GMT
expires
Fri, 20 Sep 2024 04:36:54 GMT
last-modified
Wed, 17 Jul 2024 13:50:10 GMT
server-timing
intid;desc=fa0cfed713256f95
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block
utag.js
cms.static-bahn.de/tms/next-main/ 		247 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf2c2cd2c9c937c1e8155e58cfe557b46695a0204c6a7b85484759f41ce6f5e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
etag
W/"c545c265ff1d7bd71616f848950ec890"
x-amz-version-id
0xcwmbMPtFBO3YDQBYSeqDITtKfvIAp3
age
9369
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
86kGEZ4n1CO9l6V0qlYAgsUeO3hdhLogV-aC3tCSU1Lm7wh4nNMpyQ==
date
Fri, 20 Sep 2024 01:55:46 GMT
content-type
text/javascript
last-modified
Wed, 11 Sep 2024 15:53:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
openid-configuration
accounts.bahn.de/auth/realms/db/.well-known/ 		9 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://accounts.bahn.de/auth/realms/db/.well-known/openid-configuration
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-8c8092d6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
81.200.195.195 Stuttgart, Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
/
Resource Hash
92de6cfaabf195f55016fe59ba4071912f8ce949224b26f12e158208fe03b249
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://*.hcaptcha.com
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bahn.de/

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Cache-Control
max-age=86400
Connection
keep-alive
Access-Control-Allow-Credentials
true
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
server-timing
intid;desc=55eb00f5b5447b10, intid;desc=55eb00f5b5447b10
Access-Control-Allow-Origin
https://www.bahn.de
Content-Length
8996
Date
Fri, 20 Sep 2024 04:31:54 GMT
X-XSS-Protection
1; mode=block
Content-Type
application/json
Vary
Origin
X-Frame-Options
ALLOW-FROM https://*.hcaptcha.com
runtime-dom.esm-bundler-f028f032.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		14 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/runtime-dom.esm-bundler-f028f032.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d87177243a1304919fe552d71e2c644093421dd50b5e59f0941215789d8fe94a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=5f34f8f3c0368339
access-control-allow-origin
*
content-length
6168
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
index-f9e4f759.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		14 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/index-f9e4f759.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e5b64368bdd7be72889d09eee4cf8b234d947d02d621eb635006fcfb3dbaf69d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=250613787ceeffcd
access-control-allow-origin
*
content-length
5997
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
userStore-646ae70a.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		1 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/userStore-646ae70a.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
aae36eabb57025e9eef4e488498fdde690c8a4c2a74cb70cbe54443f57a21780
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=f1e05d7f72a0538d
access-control-allow-origin
*
content-length
815
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
runtime-core.esm-bundler-44bc64f9.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		40 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/runtime-core.esm-bundler-44bc64f9.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c5deba186c34454608fc18694b15efab7983e1f4d32dba08d6e84fc80749c254
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=d1900c18e5a014ef
content-length
17260
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
useAuth-805ed0b3.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		500 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useAuth-805ed0b3.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
11e30503b5704601d6c25024d7ca8a114401a4ccc0a4daa87555c1cc0f051f84
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=99f95a9dca8a2c8b
access-control-allow-origin
*
content-length
340
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
emptyUser-3b21948e.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		206 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/emptyUser-3b21948e.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6881e51cf19aa1e7debd1fcb8288a815f1c20902a0d8cfaea6389ed411181608
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/defineAuthButtonWebComponent-38ff3de9.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=0917ad574608883b
access-control-allow-origin
*
content-length
195
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
app-desktop-navigation.vue-657b2ac7.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		9 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-desktop-navigation.vue-657b2ac7.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
628d9bdc9ea5c96569439dcd5ad54d9efcd30f29e183c1b6e96578fd9cfec91f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts-86882629.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=3da109831f91144b
content-length
3726
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
consent-layer-loader.js
cms.static-bahn.de/cms/consent-layer/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07c3d9d6c282cd426c02cc8e3088fead8b50d9f5e47084dc7c85a94bcf0fa0f5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
6vfxQ.pE22Y7uOGDP5zVvfvOiiJXpzPv
etag
W/"cf17926ff14533fb1e717ede310b2145"
age
81755
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
2wCXZkSQfzf3_4Az5-HBFZedfI7S916nUlqtSX38mRLzZKTenpphFA==
date
Thu, 19 Sep 2024 05:49:20 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 14:30:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
1x1.gif
cdn-at.bahn.de/
Redirect Chain
  • https://at.bahn.de/ccrm
  • https://cdn-at.bahn.de/1x1.gif
799 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-at.bahn.de/1x1.gif
Protocol
H2
Server
2a02:6ea0:c700::107 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
86927cafa657ae14a28bdca63befb837251fc4ce67683aa19fdccf4d1bfeef3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

etag
"07b81fc1dad971b1c82bff6798131113-1"
x-77-cache
HIT
x-cache
HIT
x-age
234101
date
Fri, 20 Sep 2024 04:31:54 GMT
x-rgw-object-type
Normal
content-type
image/gif
last-modified
Tue, 09 Jan 2024 16:31:09 GMT
x-77-nzt-ray
43862e24fcc4ee9abafaec66cb209c2f
x-77-nzt
A8/T0xk3Nzf/dZIDAJySIR83NzfvCCkFAG09WgJaAuoA
x-amz-request-id
tx0000030c51e53f780759a-0066a397e0-688b349-prg
accept-ranges
bytes
x-77-pop
frankfurtDE
content-length
799
x-accel-date-max
1722335464
x-77-age
234101
x-accel-date
1726572613
server
CDN77-Turbo
x-accel-expires
@1727608793

Redirect headers

Transfer-Encoding
chunked
Cache-Control
max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location
https://cdn-at.bahn.de/1x1.gif
Pragma
no-cache
Connection
close
cross-origin-resource-policy
cross-origin
X-Content-Type-Options
nosniff
Expires
Mon, 26 Jul 1997 05:00:00 GMT
P3P
policyref="https://at.bahn.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Date
Fri, 20 Sep 2024 04:31:54 GMT
X-Xss-Protection
0
Content-Type
text/html; charset=utf-8
Last-Modified
Fr, 20 Sep 2024 04:31:54 GMT
utag.1.js
cms.static-bahn.de/tms/next-main/ 		72 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.1.js?utv=ut4.51.202409111028
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
70abd125ab2bc2f24425957f94ce5a17b243f550c387b103bbd8e5346bbe8b3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
g9vaP7cScm4BJK.6BnMRixE.099wPH0B
etag
W/"d7f15330191ce910f7a8cbcdfbf4089f"
age
81777
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
AXioy8X74ESgIay-A6hlYUo7UoVbjPB1cNmRVS44A2sXm2WjPyMx_g==
date
Thu, 19 Sep 2024 05:48:58 GMT
content-type
text/javascript
last-modified
Wed, 11 Sep 2024 15:53:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
utag.11.js
cms.static-bahn.de/tms/next-main/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/tms/next-main/utag.11.js?utv=ut4.51.202408221218
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8a38e707dea6144966e63ab83e2318966d1f312f78a36ac8cf002cf7ae1169d6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
0Ufm_NQ9opbzXuQpoGVAH3RRWCEbwZaT
etag
W/"a36e8e039d7d1bca384d200cb40c0bb4"
age
81758
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
eqPfVYyuczQ4YSSzJsNWizVHduhc4c_5WKPyLKouFWcffu5HF38eAQ==
date
Thu, 19 Sep 2024 05:49:17 GMT
content-type
text/javascript
last-modified
Wed, 11 Sep 2024 15:53:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
favicon.ico
www.bahn.de/ 		5 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ae0400d6155fbbd61c93d4f5546e8a2e6c96f6aed576f5728f8500e8e9f6f816
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=2108398
content-encoding
gzip
etag
"1536-61a8354805b40"
x-content-type-options
nosniff
expires
Mon, 14 Oct 2024 14:11:51 GMT
accept-ranges
bytes
content-length
1002
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:53 GMT
content-type
image/x-icon
last-modified
Mon, 10 Jun 2024 06:33:41 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
consent-layer-standalone.41ba11d4beb2f1ae137d.js
cms.static-bahn.de/cms/consent-layer/js/ 		177 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-standalone.41ba11d4beb2f1ae137d.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
40caaaad6a98cd6b7b37d35272af677708739579a0797368db15f3fa609a3575

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
4AUy2w3_rNyTPissFfX25GJKvUecayjW
etag
W/"82a38d19f4dab861c6ce61c6cf583138"
age
81755
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
JJIIve1LQpIRCm2JZVb6Fltdn7WXGAeLN5zjMaGmhb1eEg5PwFQjGQ==
date
Thu, 19 Sep 2024 05:49:20 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 14:30:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
consent-layer.8e86292968e0f92f75e3.js
cms.static-bahn.de/cms/consent-layer/js/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer.8e86292968e0f92f75e3.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
67189e946ffc22d1c31c64db7ab21835069f53efa2b256a2652963936d4c0452

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
wIHh4Adep.eeo3ve9ndivWIvvf.P0rhI
etag
W/"59aba2c03fd85aff81954528985e118c"
age
81791
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
wXRyoBwub2qB0Z63BlQQS9SGE_efsvb7yHhOLGeFvLT4pOU1yHtx-w==
date
Thu, 19 Sep 2024 05:48:44 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 14:30:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
useGet-9578b255.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		140 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useGet-9578b255.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
05a68979f0a4c3868b9f23d727e35885950ff904be5369b33ba06f8984867098
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-desktop-navigation.vue-657b2ac7.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=8f13521bdc27de9b
access-control-allow-origin
*
content-length
149
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
CmsLink.vue_vue_type_script_setup_true_lang-67c2b4bc.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		605 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/CmsLink.vue_vue_type_script_setup_true_lang-67c2b4bc.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c7c70245b26cc0af474808f1d8cbec719303b20540a5fb61b21a9f3f27b346db
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-desktop-navigation.vue-657b2ac7.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=08e3dc055590d477
access-control-allow-origin
*
content-length
420
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
useI18n-4fd30a28.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		293 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/useI18n-4fd30a28.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fca57a8e83ec69e59b8d9c87f8c771db8f57219860694ea02a40bf181d300aac
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-desktop-navigation.vue-657b2ac7.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=17231c1e42e778c5
content-length
238
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Thu, 19 Sep 2024 11:43:50 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
findAncestorsByLink-21220cb0.js
www.bahn.de/.resources/bahn-common-light/webresources/js/ 		658 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/findAncestorsByLink-21220cb0.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cb694f3f8ccf93035d41a3cd6d2a1de1607057129b13c4010d4790abf75c91b8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/.resources/bahn-common-light/webresources/js/app-desktop-navigation.vue-657b2ac7.js

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 20 Sep 2025 04:31:54 GMT
server-timing
intid;desc=7738ac671e3eaae7
access-control-allow-origin
*
content-length
409
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/javascript;charset=UTF-8
last-modified
Tue, 10 Sep 2024 08:34:36 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
4.f5a19d9ccd4efc1e9903.js
cms.static-bahn.de/cms/consent-layer/js/ 		188 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/4.f5a19d9ccd4efc1e9903.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:4000:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2f0229f0e9539381565e9947097662c4563041adbeef1da4b47a25546bcdbdb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
wJo65b2iiIBd0uIc6w1_nc1TK3cpe_CO
etag
W/"f0f87dc37d674edb5b921138b0308e4e"
age
81796
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ikDoSk6F4dncMQ3iavbGbe73jqd2X3v1E9j51uKR4mTufxmFeYGyrA==
date
Thu, 19 Sep 2024 05:48:39 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 14:30:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
truncated
/ 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8086f37b2fef5219c0b43c66e419e6e1825aabd68be129ed32a07ed15a5a594b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc25addd219ee127babf8f983627baefcceb59f88331ca84d393b9fc619c5e7e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5584fe2257cfa5c4adb5512df868b82272393a03b87f977730f8084b5c393e2c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
desktop
www.bahn.de/.rest/navigation/ 		14 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.rest/navigation/desktop?root=a5a66ce9-1eaa-41d7-87d4-1c9e52ea2bb1&site=next-bahn-de&lang=de
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/index-f9e4f759.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4f543ba0ddd8245ef71f0020245943283f16056bdb705c2219467e10827989ba
Security Headers
Name Value
Content-Security-Policy default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
cache-control
public, max-age=61
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 04:32:55 GMT
server-timing
intid;desc=6e61b5985d30f7db, intid;desc=6e61b5985d30f7db
content-length
2328
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:54 GMT
content-type
application/json;charset=UTF-8
last-modified
Fri, 20 Sep 2024 04:27:57 GMT
vary
Accept-Encoding
x-frame-options
sameorigin, SAMEORIGIN
auth.v1.html
www.bahn.de/.resources/bahn-common-light/webresources/assets/html/ Frame F8C8
Redirect Chain
  • https://accounts.bahn.de/auth/realms/db/protocol/openid-connect/auth?redirect_uri=https%3A%2F%2Fwww.bahn.de%2F.resources%2Fbahn-common-light%2Fwebresources%2Fassets%2Fhtml%2Fauth.v1.html&client_id=...
  • https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
0
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-8c8092d6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=31536000
content-encoding
gzip
content-length
20
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-type
text/html;charset=UTF-8
date
Fri, 20 Sep 2024 04:31:55 GMT
expires
Sat, 20 Sep 2025 04:31:55 GMT
last-modified
Fri, 22 Sep 2023 07:01:04 GMT
server-timing
intid;desc=d3ec31d3ddc00697
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
Date
Fri, 20 Sep 2024 04:31:54 GMT
Location
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/html/auth.v1.html#error=login_required&state=cOCyNSW9h3
Referrer-Policy
no-referrer
Server-Timing
intid;desc=1bdb2606dd8bd250
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
server-timing
intid;desc=1bdb2606dd8bd250
user-context-data
www.bahn.de/web/api/kundenkonto/ 		90 B
881 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/web/api/kundenkonto/user-context-data
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/initUserContextService-8c8092d6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
efb6f8479192826d16401c81a6d66e06b75793cf696d4cd917084715316a4df8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/404
x-correlation-id
a4f02d4f-c3e4-4839-a9da-527caf363f2d_ea3c2909-6f32-4f20-8373-8e891fc89cf7
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json;charset=utf-8
content-type
application/json;charset=utf-8

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, max-age=60
etag
W/"5a-g3GO6Iib84nBrmVNuRHICMdTzDM"
x-content-type-options
nosniff
server-timing
intid;desc=b7d23670d61c6474, intid;desc=b7d23670d61c6474
content-length
90
date
Fri, 20 Sep 2024 04:31:55 GMT
x-xss-protection
1; mode=block
content-type
application/json; charset=utf-8
vary
accept,authorization,cookie
x-frame-options
SAMEORIGIN
truncated
/ 		448 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7c24dba7a46112b0f5d36478b8329b6cb76304b48a1b8395b2c4b32b838ac1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
id
www.bahn.de/st/ 		48 B
750 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/st/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=35251745637062356056897691891428726032&ts=1726806715254
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
jag /
Resource Hash
3425ae99b855093932c6d29d8200f65f8bc556d8cd0ea7fcd0bc0e2cd0622d19
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.bahn.de/404

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, no-cache, no-store, no-transform
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 04:31:55 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
48
x-xss-protection
1; mode=block
date
Fri, 20 Sep 2024 04:31:55 GMT
content-type
application/x-javascript;charset=utf-8
server
jag
x-frame-options
SAMEORIGIN
sdk.js
ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/ 		63 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/next-main/utag.11.js?utv=ut4.51.202408221218
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
d599d9a26e991e7669751ad91fca74c6db6c17210005c9e65a2504b86f402b0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=3600
content-encoding
br
age
403
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
X0FpXJYKLmD3E9Oh7TVkLbZZa1mrDcrp9D4x3h1ZPwqV_QV9491SAA==
date
Fri, 20 Sep 2024 04:25:12 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
s97057585113407
www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.23.0/ 		43 B
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.23.0/s97057585113407?AQB=1&ndh=1&pf=1&t=20%2F8%2F2024%206%3A31%3A55%205%20-120&sdid=6045EAC4DF32D440-4BC6D1CAA2DFA9B0&mid=35251745637062356056897691891428726032&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=bahn-de_404page&g=https%3A%2F%2Fwww.bahn.de%2F404&r=https%3A%2F%2Fwww.bahn.de%2F%2Fapp%2F_vertraege%2F_pk%2F_de%2F_deu.shtml&cc=EUR&ch=Content&c3=Anonym&v3=Anonym&c4=Content&v4=Content&c22=https%3A%2F%2Fwww.bahn.de%2F404&v22=https%3A%2F%2Fwww.bahn.de%2F404&c24=bahn-de_404page&v24=bahn-de_404page&v45=32&v46=no%20visitor%20cookie&v47=32&c69=Logout&v69=Logout&c74=bahn-de_404page&v74=bahn-de_404page&c75=https%3A%2F%2Fwww.bahn.de%2F404&v75=https%3A%2F%2Fwww.bahn.de%2F404&v97=Nein&v106=None&v110=bahn-de&v111=www.bahn.de&v112=404page&v113=Content&v115=https%3A%2F%2Fwww.bahn.de%2F404&v116=https%3A%2F%2Fwww.bahn.de%2F%2Fapp%2F_vertraege%2F_pk%2F_de%2F_deu.shtml&v117=de&v118=Landscape&v119=undefined_1600x1200&v120=404page&v121=Logout&v122=Anonym&v126=false&v186=view%3Eut4.51.202409111028&v187=prd--default&v199=next-main%20%3E%20true&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6e8b Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/404

Response headers

etag
3708289185351827456-4618519683984241490
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 04:31:55 GMT
p3p
CP="This is not a P3P policy"
date
Fri, 20 Sep 2024 04:31:55 GMT
last-modified
Sat, 21 Sep 2024 04:31:55 GMT
content-type
image/gif;charset=utf-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-security-policy
default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
cache-control
private, no-cache, no-store, no-transform
pragma
no-cache
access-control-allow-origin
*
content-length
43
x-xss-protection
1; mode=block
server
jag
2VwfARuJAzeMmnZHy6KR3.json
cdn.optimizely.com/datafiles/ 		9 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/datafiles/2VwfARuJAzeMmnZHy6KR3.json
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/auth-6c60cafc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ff5f106f83818a97d0c9a1b4ea65366e30df0d8f58ac808ee9f4223a516f7ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

access-control-max-age
604800
access-control-expose-headers
Access-Control-Allow-Origin, Content-Length
content-encoding
gzip
cf-cache-status
HIT
etag
"ecc7bac0d729e6b84670a50a558662f1"
x-amz-version-id
_2H7qZuEQLeccwtog6MZv7Qf4lHuFEcA
age
27
access-control-allow-methods
GET, HEAD, OPTIONS
date
Fri, 20 Sep 2024 04:31:55 GMT
x-amz-meta-revision
291
content-type
application/json; charset=utf-8
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Wed, 18 Sep 2024 10:52:36 GMT
x-amz-id-2
z6KzzbU8tuSGWv/HWazq1KKYWSnXuD1fqftoyAVsevzFQSOl2/Lri/6kad7vcS0LqZUUKzHw1Fw=
access-control-allow-headers
*
x-amz-replication-status
PENDING
cache-control
max-age=120
x-amz-meta-pci_enabled
False
access-control-allow-credentials
false
x-amz-request-id
FD9TRTJYESQWK2AM
cf-ray
8c5f16b3fd5e4dc0-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1699
server
cloudflare
x-amz-server-side-encryption
AES256
config.json
ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/ 		128 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/config.json
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
e4a603ac3bebd10a38d0ef558a6480d3aa51d883fc4eabcc7105f43920703a8a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=3600
content-encoding
br
age
2782
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
vsVShLLivaHeVZKwnlooU4Hol_csyHm4tmNBr5oBfn9ZUHpvjxKupg==
date
Fri, 20 Sep 2024 03:45:33 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
customcode.js
ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/customcode.js
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
b8121cc266f09f35aa0615e9be6d4ab03949d56f830b1c14d3905fc7737a7812
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=3600
content-encoding
br
age
1246
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
PfsDOf6eyaDpW3e5RQobDZqTirZNP3Ib1A9rX_i9ofkdF0mfsQkfWA==
date
Fri, 20 Sep 2024 04:11:09 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
visitor.js
ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/ 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/visitor.js
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
60785390b2730a8e2de767a4f1c6006de12f0a5d01c28bc672582f7b0777d998
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=2592000;
content-encoding
br
age
2229144
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
JzDEA8n0nfwl4RTn4kpa810tWBCL5hOkQfnT2jnU6ed7Cu-SFUsI0A==
date
Sun, 25 Aug 2024 09:19:31 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
rules-engine.js
ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/ 		46 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/rules-engine.js
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
09c9cbbe1ba84294bc51b67964769e38920405b1b2a274a947a5fa1a2a1d761a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=2592000;
content-encoding
br
age
2127035
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
vEH5jVT6nziRIallbYk_7Kb5v5vfJADcHSjDh23FBDTTVw7ajxARgg==
date
Mon, 26 Aug 2024 13:41:20 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
database.js
ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/database.js
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
977617feb489eede86f22aa5a53f942de5841f9688b3a5b341423d8e99dafb7f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=2592000;
content-encoding
br
age
2315537
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
eE1JIZeQ8_NQ_F6Kp1Jdv8UjDyolugnFAW8AIGpAuF4sKradHlN_EA==
date
Sat, 24 Aug 2024 09:19:38 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11
scoring-engine.js
ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ucm-eu.verint-cdn.com/files/modules/unified-websdk/1.14.2/scoring-engine.js
Requested by
Host: ucm-eu.verint-cdn.com
URL: https://ucm-eu.verint-cdn.com/files/sites/next-bahn-de/live/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275d:9400:1b:1f8f:6780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
08a89ab4432c5c334c41a29fecaa8c8c7c595c8633aad0300c61913703279ba5
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.bahn.de
Referer
https://www.bahn.de/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cache-control
public, max-age=2592000;
content-encoding
br
age
2229144
via
1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
7xA-K2lhIwOV8J4qxvkxMhzTld7tZebc-pNqbnyFID__cFp7DHrFbQ==
date
Sun, 25 Aug 2024 09:19:31 GMT
content-type
application/javascript; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P11

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| bahn object| skyframe object| consentLayer object| cmsFrontendConfig object| digitalData object| abTestingService object| authentication object| personalisationService object| asyncServices object| classValidatorMetadataStorage string| view object| tmsTagConfig function| isInIframe object| utag function| loadLibrary object| utag_cfg_ovrd object| utag_data function| DataLayerHelper object| teal object| helper object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ object| webpack_consent-layer string| globalAccount object| s function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| s_c_il number| s_c_in boolean| __VUE__ string| lastBuiltCorrelationId object| adobe function| Visitor function| uwsReady object| optimizely object| s_i_dbbahnprod object| unifiedSDK

16 Cookies

Domain/Path Name / Value
accounts.bahn.de/auth/realms/db/ Name: AUTH_SESSION_ID
Value: e220fe9c-e42c-455f-9e47-c18051988f30.rh-sso-6468c7dd4b-dthds
accounts.bahn.de/auth/realms/db/ Name: AUTH_SESSION_ID_LEGACY
Value: e220fe9c-e42c-455f-9e47-c18051988f30.rh-sso-6468c7dd4b-dthds
accounts.bahn.de/auth/realms/db/ Name: IDM_SID
Value: 692eff26-ef98-4274-87d2-fe83d38a1789
accounts.bahn.de/auth/realms/db/ Name: TS0135fa4a
Value: 0144e11a9195e24c998efc15edf7ba35f5c8ca383c26d93aaa38953f08f8116a33037b8e74c77cb015e48537f856d586ebcedf8490
.bahn.de/ Name: request_consent_v
Value: 3
.accounts.bahn.de/ Name: TS016c400a
Value: 0144e11a9195e24c998efc15edf7ba35f5c8ca383c26d93aaa38953f08f8116a33037b8e74c77cb015e48537f856d586ebcedf8490
accounts.bahn.de/ Name: TS51bc32fa027
Value: 0850f34bcdab2000e8631f8f8339d1dc218f44f1fa10ce91b6afad7a836cedba4daeaf2b7f932a7c081891bd29113000c56be31210c58c72aee79d9e6a0e456a54884a96446551b00cad251b56eaeb1f3729605543c9beb32917d1f4d138f710
www.bahn.de/ Name: TS01309da6
Value: 0144e11a91517914994e985818f24c984041672ad4c4efae5a2e60280ca37a6c930883ca58ac76e0ad98648badce9bd517cb7472d3
.bahn.de/ Name: utag_main
Value: v_id:01920db36889003ef3fdfde62b5205065001705d00b08$_sn:1$_se:1%3Bexp-session$_ss:1%3Bexp-session$_st:1726808514505%3Bexp-session$ses_id:1726806714505%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:bahn.de
.bahn.de/ Name: s_ecid
Value: MCMID%7C35251745637062356056897691891428726032
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19987%7CMCMID%7C35251745637062356056897691891428726032%7CMCAID%7CNONE%7CMCOPTOUT-1726813915s%7CNONE%7CvVersion%7C5.5.0
.bahn.de/ Name: uws_session
Value: %7B%22start%22%3A1726806715541%2C%22count%22%3A1%2C%22referrer%22%3A%22www.bahn.de%2F%2Fapp%2F_vertraege%2F_pk%2F_de%2F_deu.shtml%22%7D%7Csession_timeout
.bahn.de/ Name: uws_rate_comparators
Value: %7B%22global%22%3A63820942%7D%7Csession_timeout
.bahn.de/ Name: uws_visitor
Value: %7B%22vid%22%3A%22172680671554130146%22%2C%22start%22%3A1726806715541%2C%22count%22%3A1%7D%7C1734582715563

2 Console Messages

Source Level URL
Text
network error URL: https://www.bahn.de//app/_vertraege/_pk/_de/_deu.shtml
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.bahn.de/404
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: tealium:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: tealium: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.bahn.de
assets.static-bahn.de
at.bahn.de
cdn-at.bahn.de
cdn.optimizely.com
cms.static-bahn.de
ucm-eu.verint-cdn.com
www.bahn.de
2600:9000:20eb:4000:c:198:5740:93a1
2600:9000:275d:9400:1b:1f8f:6780:93a1
2606:4700::6812:4239
2a02:26f0:4700::17d4:6e8b
2a02:26f0:480:23::1726:62b8
2a02:6ea0:c700::107
81.200.195.195
85.14.248.91
05a68979f0a4c3868b9f23d727e35885950ff904be5369b33ba06f8984867098
07c3d9d6c282cd426c02cc8e3088fead8b50d9f5e47084dc7c85a94bcf0fa0f5
08a89ab4432c5c334c41a29fecaa8c8c7c595c8633aad0300c61913703279ba5
09c9cbbe1ba84294bc51b67964769e38920405b1b2a274a947a5fa1a2a1d761a
0e2fb2fa919688694a9e78981ffe2471094402e3e4b7918038f3eef7e9b07bd5
11e30503b5704601d6c25024d7ca8a114401a4ccc0a4daa87555c1cc0f051f84
14e08fdf7fe5d7730600a7b84470169ad2ff63685435928a765f89893dc9f0a9
197be260b9d7d1e294764119d0d174c910b9bf0d15a18ffb9db1df2680b975f3
21839a7404f2f6c58da0e2eb4dd97153566ade111226822bc05813e05770cafa
3425ae99b855093932c6d29d8200f65f8bc556d8cd0ea7fcd0bc0e2cd0622d19
343f61a4c8f52288d55f9d9cdd9c6d6b69a9db6d19c61a549298cc1705714020
385b89f7813e4dbf690ea1864d81549e33592c4e36c1f78de6b929cf7b8dfc66
3e8bb0476e689493da63b0c4ccbe1d515cd5bd6246b9a97c852cb85f90d2db48
40caaaad6a98cd6b7b37d35272af677708739579a0797368db15f3fa609a3575
46ce05d42c0ace6157a2a88e54fee3c5de0527ba259f3964c650f4c0b8114e9c
49f664db1c118c321d89b8c0930d030d1c3defbfc72d841aa5f53876e40912b0
4a4ec7f60674089e5e12a8687cacd6350ddb55afde1467473dcf040eb77b237c
4f543ba0ddd8245ef71f0020245943283f16056bdb705c2219467e10827989ba
5584fe2257cfa5c4adb5512df868b82272393a03b87f977730f8084b5c393e2c
5b799ccd31a3b42e7cef954f06f3eafb1072334f722874573dd1b9bfbc21a160
5e7194a3b57cf252592a4dddc97643f4c8c5c0ffdded7ba3f8d1576ae794f0e4
5fe0949ac94f5f03238d344d61f495408aa9c15c3d93d7e9d61c989d17068503
60365c3d475e36155109b056dc3e877b3fdcd49a3331aba8ba2a3d0a90cda956
60785390b2730a8e2de767a4f1c6006de12f0a5d01c28bc672582f7b0777d998
628d9bdc9ea5c96569439dcd5ad54d9efcd30f29e183c1b6e96578fd9cfec91f
67189e946ffc22d1c31c64db7ab21835069f53efa2b256a2652963936d4c0452
6881e51cf19aa1e7debd1fcb8288a815f1c20902a0d8cfaea6389ed411181608
6c07f0f49f7e916013ffb23ff077ad637ca84d74ab6ca83ca41f1192135be9ea
70abd125ab2bc2f24425957f94ce5a17b243f550c387b103bbd8e5346bbe8b3b
8086f37b2fef5219c0b43c66e419e6e1825aabd68be129ed32a07ed15a5a594b
80da003d8010021f3babdeafc674e173263d44a224d742b2499ea57e5ef09b19
86927cafa657ae14a28bdca63befb837251fc4ce67683aa19fdccf4d1bfeef3b
8746be007a504a31a049853ffde3017ea0e55c666a0395eda49f9a6b81bbcab7
88e240baf6987d5efc44757285b2f97a412f6b3dbdac72c3d656fd4046268199
8a38e707dea6144966e63ab83e2318966d1f312f78a36ac8cf002cf7ae1169d6
8d5865f67a25e1a395c3acff873f8a053bf8e1ee45028fce3de94348d92c8705
92de6cfaabf195f55016fe59ba4071912f8ce949224b26f12e158208fe03b249
96ff4b4bdf5cae30c2a9d985fe762e9188aba066ee4a59eb9300617b1f6babe1
977617feb489eede86f22aa5a53f942de5841f9688b3a5b341423d8e99dafb7f
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7
9d4b501a133bf42f12e3d7f72ebd02256f587e6227e40794f24f6ce47909ee0e
9ff5f106f83818a97d0c9a1b4ea65366e30df0d8f58ac808ee9f4223a516f7ab
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a217d4782d409d6a264908367f91ebed4ccd62d8e7a645b68eda7c09e4ab49c9
a2f0229f0e9539381565e9947097662c4563041adbeef1da4b47a25546bcdbdb
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1
aae36eabb57025e9eef4e488498fdde690c8a4c2a74cb70cbe54443f57a21780
ae0400d6155fbbd61c93d4f5546e8a2e6c96f6aed576f5728f8500e8e9f6f816
b1a3fded96ea035a85bc57354fc31c3020f16ea26a0cd7f83213b446fa4c9c17
b432b7ab78b80c49e0893b5e1fb1c59a4a3341553f9617b628b34efcab3cff4c
b60c822cb7b7adbd1561489f0f381a683518710ededb9f2a9f7409f9d83f4d80
b76a5e8ca4f9a0e58f9eb8b3c80c47dd7cf499386bfd8078f4e842b712324a6f
b8121cc266f09f35aa0615e9be6d4ab03949d56f830b1c14d3905fc7737a7812
bc25addd219ee127babf8f983627baefcceb59f88331ca84d393b9fc619c5e7e
bdbca9ebb7897ae1c6c7a28be71388b2cd67d66cbacb176ed3808310e93c9ed8
bf2c2cd2c9c937c1e8155e58cfe557b46695a0204c6a7b85484759f41ce6f5e8
c3f2f5aea18c861ea7bee0668bae0ab159871b39a8d261105bacb779bb434346
c5deba186c34454608fc18694b15efab7983e1f4d32dba08d6e84fc80749c254
c7c70245b26cc0af474808f1d8cbec719303b20540a5fb61b21a9f3f27b346db
cb04d2be14960e9c632c828231484563e0ada2c15f8b43ab903328849be6ed61
cb694f3f8ccf93035d41a3cd6d2a1de1607057129b13c4010d4790abf75c91b8
d599d9a26e991e7669751ad91fca74c6db6c17210005c9e65a2504b86f402b0e
d87177243a1304919fe552d71e2c644093421dd50b5e59f0941215789d8fe94a
da0da05878016a8152739782300d7d3fd406eedf4ffab2a70c89b1c21e181141
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
dfd2a379d47c84d2fb258a52c0dab620bccbb859e30d498946182208bbae2bc6
e0a05c7dfbfab6cac8e00a91f558242e72741a554a4cdc598d02c2e4dd038901
e0c58646f6d51cae4b6a321a4cda8506061527ec8ed23b7bd6ecf3467e99a0e4
e349f08ef2bbd0b0cbf65b912d0d1a9a6409253b7ab8e979473e0c3ce5deea07
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b61a0d1104a1e7143331130d523d2818cd93b466fbafd28034250ad09f7522
e42ea2fb8ff4efc4ac1a05b6e9838b47298ce4deb0ec04d2fcb728f8b1c8f695
e4a603ac3bebd10a38d0ef558a6480d3aa51d883fc4eabcc7105f43920703a8a
e5b64368bdd7be72889d09eee4cf8b234d947d02d621eb635006fcfb3dbaf69d
ebd2c53dc1e1739c079620657c5ac09d27d9772bb325b972d1db0f354774fb19
efb6f8479192826d16401c81a6d66e06b75793cf696d4cd917084715316a4df8
f7c24dba7a46112b0f5d36478b8329b6cb76304b48a1b8395b2c4b32b838ac1f
fca57a8e83ec69e59b8d9c87f8c771db8f57219860694ea02a40bf181d300aac