app.vanta.com Open in urlscan Pro
52.203.10.41 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab...
Effective URL:
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab...
Submission: On February 21 via api (February 21st 2024, 5:09:55 pm UTC) from IE — Scanned from DE

Summary HTTP 45 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 9 domains to perform 45 HTTP transactions. The main IP is 52.203.10.41, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.vanta.com. The Cisco Umbrella rank of the primary domain is 338536.
TLS certificate: Issued by Amazon RSA 2048 M01 on March 25th 2023. Valid for: a year.

This is the only time app.vanta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	52.203.10.41 52.203.10.41	14618 (AMAZON-AES) (AMAZON-AES)
12	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
4	13.32.27.5 13.32.27.5	() ()
1	151.101.130.137 151.101.130.137	() ()
3	99.86.4.9 99.86.4.9	() ()
2	2600:1f18:24e... 2600:1f18:24e6:b902:e376:52a6:4264:a16f	() ()
4	34.66.73.214 34.66.73.214	() ()
2	44.205.146.126 44.205.146.126	() ()
1	2600:1f18:24e... 2600:1f18:24e6:b900:b1ef:143:2f2d:e8da	() ()
2	151.101.64.176 151.101.64.176	() ()
2	44.240.51.134 44.240.51.134	() ()
45	14

4 52.203.10.41 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-10-41.compute-1.amazonaws.com

app.vanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

static.vanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.27.5 (None, )

ASN- ()

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (None, )

ASN- ()

fast.trychameleon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.9 (None, )

ASN- ()

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b902:e376:52a6:4264:a16f (None, )

ASN- ()

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.66.73.214 (None, )

ASN- ()

client-api.auryc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.205.146.126 (None, )

ASN- ()

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b900:b1ef:143:2f2d:e8da (None, )

ASN- ()

session-replay.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.176 (None, )

ASN- ()

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.240.51.134 (None, )

ASN- ()

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	vanta.com 1 redirects app.vanta.com — Cisco Umbrella Rank: 338536 static.vanta.com — Cisco Umbrella Rank: 751987	7 MB
6	heapanalytics.com cdn.heapanalytics.com heapanalytics.com	234 KB
5	stripe.com js.stripe.com m.stripe.com	151 KB
4	auryc.com client-api.auryc.com	1 KB
4	gstatic.com fonts.gstatic.com	138 KB
3	browser-intake-datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com	1 KB
2	stripe.network m.stripe.network	16 KB
1	trychameleon.com fast.trychameleon.com	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	1 KB
45	9

	Domain	Requested by
12	static.vanta.com	app.vanta.com static.vanta.com
4	client-api.auryc.com	static.vanta.com
4	cdn.heapanalytics.com	app.vanta.com cdn.heapanalytics.com
4	fonts.gstatic.com	app.vanta.com fonts.googleapis.com
4	app.vanta.com	1 redirects static.vanta.com
3	js.stripe.com	static.vanta.com js.stripe.com
2	m.stripe.com	m.stripe.network
2	m.stripe.network	js.stripe.com m.stripe.network
2	heapanalytics.com
2	rum.browser-intake-datadoghq.com	static.vanta.com
1	session-replay.browser-intake-datadoghq.com	static.vanta.com
1	fast.trychameleon.com	static.vanta.com
1	fonts.googleapis.com	app.vanta.com
45	13

This site contains links to these domains. Also see Links.

Domain
www.vanta.com

Subject Issuer	Validity	Valid
vanta.com Amazon RSA 2048 M01	`2023-03-25` - `2024-04-22`	a year	crt.sh
static.vanta.com E1	`2024-01-11` - `2024-04-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
cdn.heapanalytics.com Amazon RSA 2048 M01	`2023-06-29` - `2024-07-27`	a year	crt.sh
fast.trychameleon.com R3	`2024-01-19` - `2024-04-18`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-17` - `2024-06-18`	a year	crt.sh
*.auryc.com R3	`2024-01-24` - `2024-04-23`	3 months	crt.sh
heapanalytics.com Amazon RSA 2048 M02	`2023-11-09` - `2024-12-08`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-22` - `2024-03-21`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Frame ID: 60E328BA34B892F0508BED6E903D2528
Requests: 37 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 5DB407827D959BA9F8440EB76E02E73C
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: AF3C7C24DA3F03073FAA96281AF8F3C7
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Vanta

Page URL History Show full URLs

http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... HTTP 301
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Page Statistics

45
Requests

91 %
HTTPS

38 %
IPv6

9
Domains

13
Subdomains

14
IPs

2
Countries

8215 kB
Transfer

34233 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.vanta.com/demo
Title: Contact us.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational HTTP 301
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/
Redirect Chain

http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Dem...
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3De...

1 KB
2 KB

424ms
181ms

Document
text/html

52.203.10.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-203-10-41.compute-1.amazonaws.com

Software

cloudflare /

Resource Hash

2deb95ef88cf7806b256a593b9d984b3f6015f9e3d3623da948a499e570be835

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993b0dbb8298-IAD
content-encoding: br
content-length: 496
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
content-type: text/html; charset=utf-8
date: Wed, 21 Feb 2024 17:09:42 GMT
etag: W/"7295d0ae83c5a747c48ca22dac003e24"
expect-ct: max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=abDomosJnPfzrr43D9u29TMhHQ4VKg10IK0IH%2F0stXqwau87HrgBWsI6HywnJTR2j4NeuIqEnf6X6UiA2cLyC0zj7i80l%2FlYh2NM3iLyHbvbixWe0Pq2Qwb2SWFCjobpJ8KQ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000
uuid: 00f2f8d0-d0dc-11ee-8304-0162843ea8d2
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex
x-xss-protection: 0

Redirect headers

Connection: keep-alive
Content-Length: 134
Content-Type: text/html
Date: Wed, 21 Feb 2024 17:09:41 GMT
Location: https://app.vanta.com:443/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Server: awselb/2.0

GET
H2 200 index.ef32215b.css
static.vanta.com/static/ 44 KB
11 KB 467ms
310ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.ef32215b.css

Requested by

Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

810ec34dabbebed972e1a0a93eb83928d505aeb41e4ab8a8205ae0a18616368e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3ef9496dca9e65924b7c5698e274ca74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rd3Annyw12Dfv%2FZ1Z2hPsUPxignLj79hJpHrhBtJhGIL8duCPAPtTpPOY6DeCbXoaFh%2FfHYyuWlbdH3oHz9F54L9g1EKGVgCXsAb6%2Bk%2FfDoTJIihCm1kjFt%2F9l%2BNdbwH5ZGR1eAVyTC8jBAT%2Fpag"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993cf8f41e99-AMS

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
37 KB 159ms
53ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://app.vanta.com/
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 05:02:31 GMT
x-content-type-options: nosniff
age: 43631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37780
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 05:02:31 GMT

GET
H2 200 L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
fonts.gstatic.com/s/domine/v19/ 27 KB
27 KB 236ms
131ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331215b2d754c35f93a1868c74124b059095b34b1b49625c9bf149a0e8a19518

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://app.vanta.com/
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 07:33:35 GMT
x-content-type-options: nosniff
age: 34567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27612
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:06:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 07:33:35 GMT

GET
H2 200 css2
fonts.googleapis.com/ 13 KB
1 KB 166ms
62ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b2c69d708a8abc8a503d23d344b9eeab2159d0a609d60620a7f6c58212f5b8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Feb 2024 17:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Feb 2024 17:09:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Feb 2024 17:09:42 GMT

GET
H2 200 index.679bda3d.css
static.vanta.com/static/ 478 KB
81 KB 290ms
136ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.679bda3d.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bfba3c3fd364f0ddfaa9ace74f3fa25df63ac491e541b8e342195d51a52afd4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"0cb873f58d8a3509f6cfa8daea508ccc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHoXCmifJOqaHg248CqTToT%2FrpYfcBE1gp%2FlOtK98U8PzYpm%2FUOW23gfkfjUoIfhAEWhSJKBi8K0EyzD6H%2F6lMIkejO5%2B9OH8lxA2A39BiSqJUkzXvcYaZZsWS4vQ0v3mpN5gPUid4kMv5qosw%2Bn"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993cf8f21e99-AMS

GET
H2 200 index.fd190e71.css
static.vanta.com/static/ 566 B
646 B 287ms
135ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.fd190e71.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"c78a3167656670f91dc7e03525ef6920"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALHnOVkGK9088G2PLVmcExCCT8N5DdA1%2FzdYnyGqnAKmnE0SlwcogwgROR7OZCTeRe7njkNt25u40x%2BBMCplK3KPLdjmRY%2BSahiUn3EvWKJ04mYRImihTWbzDSM%2FFnvZALT94R4yrStTZEaJ2CEj"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993cf8f31e99-AMS

GET
H2 200 index.04727e09.css
static.vanta.com/static/ 574 B
2 KB 268ms
116ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.04727e09.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"595ce78ec4af2ff37e22c6bf1a059ff7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i875%2BDYkgx5waGfNJJOumo0iPuva%2Fp6M5ZWgwJPJfD8BYxNbN8cU%2FF1Pvu5obYEZhvI1OaPzTBsRdLQKThLfGuZOwVGTK3eXf5N%2FMTifsqetrYbHYoN5S%2BflHDYvHQ1spUsBZf55Bs%2BV41AzPaB2"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993cf8f11e99-AMS

GET
H2 200 entry.js Show response
static.vanta.com/static/ 600 B
583 B 98ms
98ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/entry.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

789066657a624ce038d2023f0cf18b10ea28981632fd3e72e6ec69fbd613d90b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:42 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"2ddb57804f772378ad574d41479472c4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6H6Rsm4uEn5anw82i9XPiB0DgfabrsVKSF8EskelZ9Z9gWoa4nGfIUGyykQJGmxIRX4N6y9oKV1etf%2FMqv0RqJ8SbYdeeqCBwAp3UToH8RM%2BP6L4xvxVt%2Bjda9gZHkqQhioVO%2BfKaRPJQs%2FJ4WUK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993efa3e1e99-AMS

GET
H2 200 index.2cc4f499.js Show response
static.vanta.com/static/ 16 MB
3 MB 186ms
185ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.2cc4f499.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5a92c88316ca463ea150865cfc8dc17929e4aa6ec7ba786e300cf27e8aae69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7e7503ef77b023e134fe639adee92f30"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nDUGdWmo08JWrxwzy0Dr%2BAinbyxbhfcf%2F3bRiV76sUDFdBD6yEuAI%2BvD%2BkNXMHf7g%2BYiE06Bm0swYxOCUR%2BVTk4tHZRKSkK6i99jTN6vEjj0PzIk6%2FYedjwmm9EDJv2G5jZPUr0QC5mmCUiY9iTa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993f9a9a1e99-AMS

GET
H2 200 index.runtime.1320a9f6.js Show response
static.vanta.com/static/ 4 KB
3 KB 101ms
100ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.runtime.1320a9f6.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2abd13aeaa208c5820eedbbf03d2eec6c6702a69255cb1f0809eb358455c710

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"26454de25b56f7d65e2ed5ff786c8296"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLPBWo7VURwoZu4Vu9O%2BT2oeqG2A3Oco6i1M3AnJWUESfYFHIMITbpUEzI%2BspTIav0deFw75cZb6nwSQchvVTi0gZUDHOaVh7h%2BoW2rssla2n%2FxrKyku8tt1DlwWUsJuYrZvYf4VISxSqLA6cDBA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993f9a9b1e99-AMS

GET
H2 200 index.runtime.5cdcfecc.js Show response
static.vanta.com/static/ 31 KB
11 KB 96ms
95ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.runtime.5cdcfecc.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ece27120b58c0646ec50fd3b78f13d0bb73e7f3cbac1fbcb9d04bb2584454533

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e4cf59026960f0e01da9c37d08a72da7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2%2FupoAdgmjvR23TD822Tyaxeu%2FHcdr450KrFDAMh6yW8avoHLpAk%2FVYTsV7pMNf%2FL0sfa5sFQaiI8rgXzXKb8%2FxqiM2%2Bni7%2FGMJ7TWaq1aJZ%2B77G3s0%2FMB6XUiY17Fb4U6yE%2BN9Vkv15LmOU%2BMp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993f9a9c1e99-AMS

GET
H2 200 index.66c781cc.js Show response
static.vanta.com/static/ 14 MB
3 MB 433ms
432ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.66c781cc.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e13e3921dc321693454c42f7c27b102136ea2d5264b8d6294b47f801cc72cb69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:43 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"6931c26451cabdd1a5be87979bf79d02"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jibB4%2FXQUVdAkzlAm%2B5KrYgwKE6raHLBPZa9sRmxq9krctSsf9UJ1H7tkAR5PMYmhYw0Vl7eNZNNnH7GzzyGJojVUJ6NhKnGSugPEgPZQBk%2BtiRwERHMfuUhm9aac09XsaH9xJeCX95PhDBstx25"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8590993f9a9d1e99-AMS

GET
H2 200 heap-948124972.js Show response
cdn.heapanalytics.com/js/ 119 KB
38 KB 143ms
46ms Script
application/javascript 13.32.27.5

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-948124972.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.5 -, , ASN (),

Reverse DNS

Software

nginx / Express

Resource Hash

c65c5cc8c4671fa42f3d76452be2f573e438aff75ae43eddc9924cb7ee64f9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:08:14 GMT
content-encoding: br
via: 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: FRA56-C2
age: 90
x-powered-by: Express
etag: W/"1da84-3KFjoFIMnEpnyeIFs0m3cnwGaRo"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=120
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: yAI1YzqO9wfublwjVxYWfTiFgCqUEcS2PluWru4qy34-RqaGXIz8sw==

GET
H2 200 messo.min.js Show response
fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/ 4 KB
2 KB 136ms
39ms Script
application/javascript 151.101.130.137

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/messo.min.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 -, , ASN (),

Reverse DNS

Software

Resource Hash

990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:45 GMT
content-encoding: br
via: 1.1 chameleon.io (Hyoid)
strict-transport-security: max-age=31557600
last-modified: Fri, 22 Sep 2023 21:19:38 GMT
etag: "d712cb51ddca79bec27267c5dda35ad1"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, no-cache
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1476

GET
H2 200 v3 Show response
js.stripe.com/ 600 KB
147 KB 158ms
46ms Script
text/javascript 99.86.4.9

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.9 -, , ASN (),

Reverse DNS

Software

Cloudfront /

Resource Hash

fd14ad513302b20c3cfc56ddf50e0cbb6c7b37e90929c09cdc0983215e8d305f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:05 GMT
content-encoding: br
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 41
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
last-modified: Tue, 20 Feb 2024 22:05:19 GMT
server: Cloudfront
etag: W/"9faf3c098157e1e5f44858d831bb11ed"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: FTru8t3VhDnJgAM3TXolcrs3i9GuurcPq9gscXS2NbNjJJ3LteyxIA==

GET
BLOB 200
OK d373bc6a-8433-4abf-a5fb-c6102331aa05
https://app.vanta.com/ 78 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.vanta.com/d373bc6a-8433-4abf-a5fb-c6102331aa05
Requested by: Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length: 78
Content-Type: application/javascript

GET
BLOB 200
OK 5e9c8300-ed1d-458b-915c-80329ea04bc7
https://app.vanta.com/ 25 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.vanta.com/5e9c8300-ed1d-458b-915c-80329ea04bc7
Requested by: Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length: 25814
Content-Type

POST
H2 200 graphql Show response
app.vanta.com/ 25 B
496 B 125ms
124ms Fetch
application/json 52.203.10.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.vanta.com/graphql?operation=userContext

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-203-10-41.compute-1.amazonaws.com

Software

Resource Hash

c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
accept: */*
Referer: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Fdocuments%3Ftab%3DHR%26status%3DNEEDS_DOCUMENT%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
apollographql-client-version: 39220e
x-datadog-parent-id: 5351653614614824782
x-datadog-trace-id: 1416375178329568764
graphql-schema-version: 39220e

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 033c73a0-d0dc-11ee-866e-8531dd90f8d3
content-length: 25
x-xss-protection: 0
referrer-policy: same-origin
etag: W/"19-AWcZ0/oWRZgbXds9xsp8WpnG9lI"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.vanta.com
x-download-options: noopen
access-control-allow-credentials: true
x-robots-tag: noindex

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
344 B 529ms
244ms Fetch
application/json 2600:1f18:24e6:b902:e376:52a6:4264:a16f

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Af018081a5d16d6afcef00fd9e0a1dac45a187f92&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=c94c759a-cc11-4e43-9e04-3a4bd7428305&batch_time=1708535386017

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b902:e376:52a6:4264:a16f -, , ASN (),

Reverse DNS

Software

Resource Hash

50c65f047f703cb2449aa65ef4362c8311025002870dbfabdf39c28a645e63b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.vanta.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: c94c759a-cc11-4e43-9e04-3a4bd7428305

GET
H2 200 container.js Show response
cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/ 9 KB
5 KB 45ms
44ms Script
application/javascript 13.32.27.5

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Requested by: Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-948124972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.5 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: D_480R1RW1qeCSUaWI.7kASZs_uYmMEg
content-encoding: gzip
via: 1.1 ef4ff53b101ef123a46ec560b6c94cb8.cloudfront.net (CloudFront)
date: Wed, 21 Feb 2024 10:43:14 GMT
x-amz-cf-pop: FRA56-C2
age: 30899
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 4577
last-modified: Wed, 06 Dec 2023 01:28:26 GMT
server: AmazonS3
etag: "a816523d8c1a522488e9c713f4bf003b"
content-type: application/javascript
cache-control: public,max-age=86400
accept-ranges: bytes
x-amz-cf-id: CLu6i7r1bRonh3aNdjhzWwjSLTzeakDY_cHnQYitSSNyp-IHvgmWjQ==

GET
H2 200 releasesettings Show response
client-api.auryc.com/ 2 B
160 B 173ms
173ms XHR
application/json 34.66.73.214

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/releasesettings?lib=Web

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.66.73.214 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-authorized-identity: 2792-Main-prod-heap
Referer: https://app.vanta.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
x-authorized-token: b8f4daa15b465e82641d4ee5be8cbc25

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Feb 2024 17:09:46 GMT
server: istio-envoy
vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://app.vanta.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
x-xss-protection: 1; mode=block
expires: 0

OPTIONS
H2 200 releasesettings
client-api.auryc.com/ Frame 0
0 467ms
147ms Preflight 34.66.73.214

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/releasesettings?lib=Web

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.66.73.214 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-authorized-identity,x-authorized-token
Access-Control-Request-Method: GET
Origin: https://app.vanta.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-authorized-identity, x-authorized-token
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://app.vanta.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Wed, 21 Feb 2024 17:09:46 GMT
expires: 0
pragma: no-cache
server: istio-envoy
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 5DB4 200 B
1 KB 42ms
41ms Document
text/html 99.86.4.9

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.9 -, , ASN (),

Reverse DNS

Software

Cloudfront /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.vanta.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 883
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 21 Feb 2024 16:55:04 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 16 Feb 2024 21:04:47 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-cf-id: FIhyGYOo-LtfN9sBAm7xu6jX12mqLtvqIq82MRIlPWhppZ-4Xry3cg==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5DB4 526 B
1 KB 42ms
42ms Script
text/javascript 99.86.4.9

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.9 -, , ASN (),

Reverse DNS

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 16:55:04 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 883
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
content-length: 526
last-modified: Fri, 16 Feb 2024 21:04:46 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: yC5GwZczM5vBLqZtV0sO5D3AXGdGaWoo1xurmfypEYhIwStNT8byng==

GET
H3 200 fa-regular-400.a2c46ca3.woff2
static.vanta.com/static/ 388 KB
390 KB 206ms
106ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/fa-regular-400.a2c46ca3.woff2

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.04727e09.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.vanta.com/static/index.04727e09.css
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 397196
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "360b3ff42fc66112960a975a4ed00125"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LL%2Ba9AhNFIoZ5m139566AYnJ34FczBVWkNURMX5EiStTwGaxECFJ4M4k9x4%2FFHMckzjF9pRWPAG37F7GhsngdMKudOjGZqdhz5T7oXUeaJJEfMDXuM1mLzYrMYO5hjT3CaxeGN3%2FxWzmcjlRGhMa"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 859099544e900b62-AMS

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 43ms
42ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:51:45 GMT
x-content-type-options: nosniff
age: 73081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Feb 2025 20:51:45 GMT

GET
H2 200 h
heapanalytics.com/ 37 B
260 B 365ms
118ms Image
image/gif 44.205.146.126

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=948124972&u=5211558943149905&v=7552361878058394&s=7028194469557844&b=web&tv=4.0&z=0&h=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&q=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational&d=app.vanta.com&t=Vanta&ts=1708535386032&sch=1200&scw=1600&st=1708535386170

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.205.146.126 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
etag: W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

POST
H2 202 replay Show response
session-replay.browser-intake-datadoghq.com/api/v2/ 53 B
344 B 724ms
466ms Fetch
application/json 2600:1f18:24e6:b900:b1ef:143:2f2d:e8da

General

Check archive.org

Show headers Download Go to

Full URL

https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Af018081a5d16d6afcef00fd9e0a1dac45a187f92&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=b1d01fc0-745e-4a83-af9d-3f5799d9a2f4

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b900:b1ef:143:2f2d:e8da -, , ASN (),

Reverse DNS

Software

Resource Hash

6ee9c31a7a30715eab585c5d785f1b8ccf61d4393c80c2934bcacebe23702938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.vanta.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryHZYPbiJGRBx2VCvJ

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: b1d01fc0-745e-4a83-af9d-3f5799d9a2f4

GET
H3 200 container.js Show response
cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/ 9 KB
5 KB 41ms
41ms Script
application/javascript 13.32.27.5

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Requested by: Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-948124972.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.32.27.5 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: D_480R1RW1qeCSUaWI.7kASZs_uYmMEg
content-encoding: gzip
via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
date: Wed, 21 Feb 2024 10:43:14 GMT
age: 30899
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 4577
last-modified: Wed, 06 Dec 2023 01:28:26 GMT
server: AmazonS3
etag: "a816523d8c1a522488e9c713f4bf003b"
content-type: application/javascript
cache-control: public,max-age=86400
accept-ranges: bytes
x-amz-cf-id: tLomeHwHgcqsrPsUwn5HFJVgD6oO__i5RUw8vKZC62aFx9B0q9LXYg==

GET
H2 200 h
heapanalytics.com/ 37 B
261 B 358ms
118ms Image
image/gif 44.205.146.126

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=948124972&u=5211558943149905&v=2329817013149629&s=7028194469557844&b=web&tv=4.0&z=2&h=%2Flogin&q=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdomain-redirect%252F657234bfea18d7882cf36ac6%252F%253Fcontinue%253Dhttps%25253A%25252F%25252Fapp.vanta.com%25252Fdocuments%25253Ftab%25253DHR%252526status%25253DNEEDS_DOCUMENT%252526utm_campaign%25253DWeeklySummary%252526utm_medium%25253Demail%252526utm_source%25253Doperational&d=app.vanta.com&t=Vanta&ts=1708535386182&pr=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&sp=z&sp=0&sp=ts&sp=1708535386032&sp=d&sp=app.vanta.com&sp=h&sp=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&sp=t&sp=Vanta&sp=q&sp=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational&sch=1200&scw=1600&st=1708535386182

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.205.146.126 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
etag: W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

GET
H2 200 inner.html Show response
m.stripe.network/ Frame AF3C 930 B
1 KB 148ms
39ms Document
text/html 151.101.64.176

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 -, , ASN (),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 237
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 21 Feb 2024 17:09:46 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 190
x-content-type-options: nosniff
x-request-id: bf6375bd-0180-472b-8de1-5f8e62d2d3fd
x-served-by: cache-fra-etou8220072-FRA
x-timer: S1708535386.315924,VS0,VE0

POST
H2 200 graphql Show response
app.vanta.com/ 23 B
493 B 122ms
122ms Fetch
application/json 52.203.10.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.vanta.com/graphql?operation=getUserLogin

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.203.10.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-203-10-41.compute-1.amazonaws.com

Software

Resource Hash

6bbaeca3971834b646b6ac5ef10a82be7f6fccb409950f00d40206db70fe329f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
accept: */*
Referer: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational
apollographql-client-version: 39220e
x-datadog-parent-id: 186964290185446959
x-datadog-trace-id: 8304149817286137030
graphql-schema-version: 39220e

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 035775b0-d0dc-11ee-ac8d-a78e072701ec
content-length: 23
x-xss-protection: 0
referrer-policy: same-origin
etag: W/"17-3u7w0oqvZTJFDVUjVePifsLb5k0"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.vanta.com
x-download-options: noopen
access-control-allow-credentials: true
x-robots-tag: noindex

GET
H3 200 login-bg.e278c91b.png
static.vanta.com/static/ 147 KB
149 KB 698ms
698ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.vanta.com/static/login-bg.e278c91b.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6cf50663ee1130f5bd005ef4569175e096afb8f8ec037abce21a5dcea49e8f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 150990
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "2c3f5c35f6491fe91af16525ac0776e6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RzciYRQpPj%2B5KtFK3WJ0DoTRW77Gnie%2BLpw0Im2A%2B2tdnyCUEw%2BndSi06jn10Qn1njxWEK99O%2FAqE0CXbySdBL0yGKTuI%2F%2BaqxyYlQtnGdI2UuL01nFE9qkqKYY%2Fnwv5S81mM%2B1n%2Fhw7c1dcoeh"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85909955282542a5-EWR

GET
H3 200 L0x8DFMnlVwD4h3hu_qn.woff2
fonts.gstatic.com/s/domine/v20/ 27 KB
27 KB 41ms
41ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/domine/v20/L0x8DFMnlVwD4h3hu_qn.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 12:27:21 GMT
x-content-type-options: nosniff
age: 103345
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28060
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Feb 2025 12:27:21 GMT

GET
H3 200 fa-solid-900.606c9fa0.woff2
static.vanta.com/static/ 318 KB
320 KB 364ms
363ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/fa-solid-900.606c9fa0.woff2

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.fd190e71.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.vanta.com/static/index.fd190e71.css
Origin: https://app.vanta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 325592
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "fe9f0be7aa9c07747ec8302c87649404"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQKsxA1zlJSoPqr%2BOarC4IpkBIxiIWhAob%2BcHFxqCKwTdBcxGDaXOqXK4u%2B5WBUY%2FePLSY125SbNHvxytAE3bSlus%2B9%2B4QkTu5iRnXSusrBPRLjpZyyuObDlhmY%2ByJkgZqKuem%2B0gw%2BBBXiSv2qx"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85909954efe30b62-AMS

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame AF3C 87 KB
15 KB 50ms
50ms Script
text/javascript 151.101.64.176

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 -, , ASN (),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 21 Feb 2024 17:09:46 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 130
x-cache: HIT
content-length: 15509
x-request-id: 4cd0ed18-3b15-4f3a-b4e0-78dc34e7de6f
x-served-by: cache-fra-etou8220072-FRA
server: Fastly
x-timer: S1708535386.405655,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 109

POST
H2 200 6 Show response
m.stripe.com/ Frame AF3C 156 B
669 B 657ms
213ms XHR
application/json 44.240.51.134

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.51.134 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

77c1f53cf5c5ae08540bc6ab959e21ff8e2936527fb7f1d3814d262bb722292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 21 Feb 2024 17:09:47 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1708535387033429
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 5
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1708535387033040
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
343 B 149ms
149ms Fetch
application/json 2600:1f18:24e6:b902:e376:52a6:4264:a16f

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Af018081a5d16d6afcef00fd9e0a1dac45a187f92&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=b5b2a069-2b04-429e-9943-626664730c77&batch_time=1708535386714

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b902:e376:52a6:4264:a16f -, , ASN (),

Reverse DNS

Software

Resource Hash

5df70185f05adffdab13f84d3c044f920392ea514cf4d55cdf82180d742fac15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.vanta.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 21 Feb 2024 17:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: b5b2a069-2b04-429e-9943-626664730c77

GET
H3 200 auryc.lib.js Show response
cdn.heapanalytics.com/js/replay/libs/latest/ 695 KB
186 KB 43ms
43ms Script
application/javascript 13.32.27.5

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/replay/libs/latest/auryc.lib.js
Requested by: Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.32.27.5 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7453f365efcae51a65348be81f1fa623448c5df91843e1d242915c3dbd202064

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.vanta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: aitZvcoPD_hHYU9VIsednC_iAFYeXHQg
content-encoding: gzip
via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
date: Wed, 21 Feb 2024 07:21:14 GMT
age: 35313
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 189887
last-modified: Tue, 13 Feb 2024 17:59:41 GMT
server: AmazonS3
etag: "49a5e68ece9e7831ecfad5e0b2ea3cd0"
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: bL15iYGSi4baOpTQEGZIYvAo3WGtXyEWsIM081yX_OhO_dLaCLVwSw==

GET
H2 200 siteconfig Show response
client-api.auryc.com/ 2 KB
1 KB 156ms
156ms XHR
application/json 34.66.73.214

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/siteconfig?lib=web

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.2cc4f499.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.66.73.214 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

66a4e2b283fdd7f741f768185a427d4358582b27919de28b6eae69adabe2f532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-authorized-identity: 2792-Main-prod-heap
Referer: https://app.vanta.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
x-authorized-token: b8f4daa15b465e82641d4ee5be8cbc25
Content-Type: application/json

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Feb 2024 17:09:46 GMT
server: istio-envoy
vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://app.vanta.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
x-xss-protection: 1; mode=block
expires: 0

OPTIONS
H2 200 siteconfig
client-api.auryc.com/ Frame 0
0 146ms
146ms Preflight 34.66.73.214

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/siteconfig?lib=web

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.66.73.214 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-authorized-identity,x-authorized-token
Access-Control-Request-Method: GET
Origin: https://app.vanta.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type, x-authorized-identity, x-authorized-token
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://app.vanta.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Wed, 21 Feb 2024 17:09:46 GMT
expires: 0
pragma: no-cache
server: istio-envoy
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
BLOB 200
OK 7c161ef1-6275-4aae-a12f-ee859da4b1eb
https://app.vanta.com/ 85 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.vanta.com/7c161ef1-6275-4aae-a12f-ee859da4b1eb
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length: 85
Content-Type: application/javascript

GET
BLOB 200
OK e12bb87b-fa0b-48ce-9c13-17e8bdc4bce7
https://app.vanta.com/ 85 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.vanta.com/e12bb87b-fa0b-48ce-9c13-17e8bdc4bce7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length: 85
Content-Type: application/javascript

POST
H2 200 6 Show response
m.stripe.com/ Frame AF3C 156 B
668 B 211ms
210ms XHR
application/json 44.240.51.134

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.51.134 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

77c1f53cf5c5ae08540bc6ab959e21ff8e2936527fb7f1d3814d262bb722292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 21 Feb 2024 17:09:51 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1708535391177447
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1708535391176958
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vanta.com/	1970-01-21 04:03:32	Name: _hp2_id.948124972 Value: %7B%22userId%22%3A%225211558943149905%22%2C%22pageviewId%22%3A%222329817013149629%22%2C%22sessionId%22%3A%227028194469557844%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.vanta.com/	1970-01-20 18:35:37	Name: _hp2_ses_props.948124972 Value: %7B%22ts%22%3A1708535386032%2C%22d%22%3A%22app.vanta.com%22%2C%22h%22%3A%22%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%22%2C%22q%22%3A%22%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational%22%7D
app.vanta.com/	1970-01-20 18:35:36	Name: _dd_s Value: logs=1&id=28404c72-33cb-490c-b99e-bef89b0956ae&created=1708535385660&expire=1708536285664&rum=1

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: The resource https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: The resource https://fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
other	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: The resource https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdocuments%253Ftab%253DHR%2526status%253DNEEDS_DOCUMENT%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational Message: The resource https://fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://.commandbar.com;object-src 'none';connect-src data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.vanta.com
cdn.heapanalytics.com
client-api.auryc.com
fast.trychameleon.com
fonts.googleapis.com
fonts.gstatic.com
heapanalytics.com
js.stripe.com
m.stripe.com
m.stripe.network
rum.browser-intake-datadoghq.com
session-replay.browser-intake-datadoghq.com
static.vanta.com
13.32.27.5
151.101.130.137
151.101.64.176
2600:1f18:24e6:b900:b1ef:143:2f2d:e8da
2600:1f18:24e6:b902:e376:52a6:4264:a16f
2a00:1450:4001:808::200a
2a00:1450:4001:80e::2003
2a06:98c1:3120::3
34.66.73.214
44.205.146.126
44.240.51.134
52.203.10.41
99.86.4.9
0bfba3c3fd364f0ddfaa9ace74f3fa25df63ac491e541b8e342195d51a52afd4
0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7
2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b
2deb95ef88cf7806b256a593b9d984b3f6015f9e3d3623da948a499e570be835
331215b2d754c35f93a1868c74124b059095b34b1b49625c9bf149a0e8a19518
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34
3b272e43c528bdb75ea6aacc0fdd09ce62573a3849869f7ea80d532de6a8c57d
3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3
4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50c65f047f703cb2449aa65ef4362c8311025002870dbfabdf39c28a645e63b2
5df70185f05adffdab13f84d3c044f920392ea514cf4d55cdf82180d742fac15
66a4e2b283fdd7f741f768185a427d4358582b27919de28b6eae69adabe2f532
6bbaeca3971834b646b6ac5ef10a82be7f6fccb409950f00d40206db70fe329f
6ee9c31a7a30715eab585c5d785f1b8ccf61d4393c80c2934bcacebe23702938
7453f365efcae51a65348be81f1fa623448c5df91843e1d242915c3dbd202064
77c1f53cf5c5ae08540bc6ab959e21ff8e2936527fb7f1d3814d262bb722292f
789066657a624ce038d2023f0cf18b10ea28981632fd3e72e6ec69fbd613d90b
810ec34dabbebed972e1a0a93eb83928d505aeb41e4ab8a8205ae0a18616368e
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c
9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8
a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410
b2abd13aeaa208c5820eedbbf03d2eec6c6702a69255cb1f0809eb358455c710
b2c69d708a8abc8a503d23d344b9eeab2159d0a609d60620a7f6c58212f5b8e0
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c65c5cc8c4671fa42f3d76452be2f573e438aff75ae43eddc9924cb7ee64f9a1
c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e13e3921dc321693454c42f7c27b102136ea2d5264b8d6294b47f801cc72cb69
ece27120b58c0646ec50fd3b78f13d0bb73e7f3cbac1fbcb9d04bb2584454533
ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0
f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7
fb6cf50663ee1130f5bd005ef4569175e096afb8f8ec037abce21a5dcea49e8f
fd14ad513302b20c3cfc56ddf50e0cbb6c7b37e90929c09cdc0983215e8d305f
fd5a92c88316ca463ea150865cfc8dc17929e4aa6ec7ba786e300cf27e8aae69

app.vanta.com Open in urlscan Pro 52.203.10.41 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

91 %HTTPS

38 %IPv6

9 Domains

13 Subdomains

14 IPs

2 Countries

8215 kBTransfer

34233 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

app.vanta.com Open in urlscan Pro
52.203.10.41 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

91 %
HTTPS

38 %
IPv6

9
Domains

13
Subdomains

14
IPs

2
Countries

8215 kB
Transfer

34233 kB
Size

3
Cookies

45 HTTP transactions
0 data transactions