urlscan.io logo urlscan.io
SecurityTrails logo

hackerone.com Open in urlscan Pro
2606:4700::6810:6434  Public Scan

Go To Rescan Add Verdict Report
URL: https://hackerone.com/reports/83578
Submission: On September 07 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 38 HTTP transactions. The main IP is 2606:4700::6810:6434, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 12th 2020. Valid for: 2 years.
This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
32 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.218.212.73 16509 (AMAZON-02)
38 6
32    2606:4700::6810:6434 (United States)

ASN13335 (CLOUDFLARENET, US)
hackerone.com
1    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2606:4700::6811:ea35 (United States)

ASN13335 (CLOUDFLARENET, US)
errors.hackerone.net
1    52.218.212.73 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
Domain Requested by
32 hackerone.com hackerone.com
3 www.google-analytics.com hackerone.com
www.google-analytics.com
1 hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
1 errors.hackerone.net hackerone.com
38 4

This site contains no links.

Subject Issuer Validity Valid
hackerone.com
DigiCert SHA2 Extended Validation Server CA		 2020-02-12 -
2022-03-09		 2 years crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
errors.hackerone.net
DigiCert SHA2 Extended Validation Server CA		 2020-12-23 -
2022-01-23		 a year crt.sh
*.s3-us-west-2.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-06-23 -
2022-07-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/83578
Frame ID: 146005D50FA6C40CE9BE3B191D078F05
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

#83578 owncloud.com: PermError SPF Permanent Error: Too many DNS lookups

Detected technologies

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

38
Requests

97 %
HTTPS

80 %
IPv6

4
Domains

4
Subdomains

6
IPs

2
Countries

2376 kB
Transfer

10675 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 83578
hackerone.com/reports/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc80c99734fc297843947aebf533aca789df6e0a3bf5abd37d4d6051e7990d78
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
hackerone.com
:scheme
https
:path
/reports/83578
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store
content-disposition
inline; filename="response.html"
x-request-id
7b8d576a-a4a9-42c9-ae5a-fd60438220b5
etag
W/"dc80c99734fc297843947aebf533aca7"
set-cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; path=/; expires=Sat, 07 Sep 2041 14:22:10 GMT; secure; HttpOnly; SameSite=None __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724; path=/; expires=Tue, 21 Sep 2021 14:22:10 GMT; secure; HttpOnly; SameSite=None
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
DENY
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-download-options
noopen
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
expect-ct
enforce, max-age=86400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
68b096747a7fd70d-FRA
content-encoding
br
vendors~main.cf9b328e.chunk.css
hackerone.com/assets/static/css/ 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/css/vendors~main.cf9b328e.chunk.css
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41f8017dfce3679e0bd7f9c524ee808387d7705a78916a7166a8ed84be8c228d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/css/vendors~main.cf9b328e.chunk.css
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
433442
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 02 Sep 2021 13:57:36 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
text/css
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d3dd70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
main.de2cbd38.css
hackerone.com/assets/static/css/ 		5 MB
471 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/css/main.de2cbd38.css
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31ab35cfd4181e258f783d58d8ce39bb9cb36288fde769bd373d967a1c94fe59
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/css/main.de2cbd38.css
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
89158
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 06 Sep 2021 13:35:32 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
text/css
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d40d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
vendor-c3c42b51ea238385dd0fe1c4b7c84e4dc9beb8c01c991878923ec9ffa5d0b5cd.css
hackerone.com/assets/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/vendor-c3c42b51ea238385dd0fe1c4b7c84e4dc9beb8c01c991878923ec9ffa5d0b5cd.css
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3c42b51ea238385dd0fe1c4b7c84e4dc9beb8c01c991878923ec9ffa5d0b5cd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/vendor-c3c42b51ea238385dd0fe1c4b7c84e4dc9beb8c01c991878923ec9ffa5d0b5cd.css
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609587
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 06 Aug 2021 18:44:04 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
text/css
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d42d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
constants-b7af17fea48e05a177cda20dfbfde6d632bc559f3ab172a1cfb6969893db2692.js
hackerone.com/assets/ 		46 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/constants-b7af17fea48e05a177cda20dfbfde6d632bc559f3ab172a1cfb6969893db2692.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7af17fea48e05a177cda20dfbfde6d632bc559f3ab172a1cfb6969893db2692
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/constants-b7af17fea48e05a177cda20dfbfde6d632bc559f3ab172a1cfb6969893db2692.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
626138
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Aug 2021 07:47:28 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d43d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
vendors~main.aa349b05.chunk.js
hackerone.com/assets/static/js/ 		3 MB
957 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6a7e39d163f6a15f719b779f02b23e98b050a220f0d7c67961e7e48c6057091
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/js/vendors~main.aa349b05.chunk.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
15805
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 07 Sep 2021 09:58:09 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d46d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
main.fda3b099.js
hackerone.com/assets/static/js/ 		1 MB
365 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/js/main.fda3b099.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4d2b7660bfcdf3acf3913f204ff7c5b60c20110dae0c93135e5a195fa263a8c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/js/main.fda3b099.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
15805
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 07 Sep 2021 09:58:10 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d48d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
application-929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743.js
hackerone.com/assets/ 		582 B
400 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/application-929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/83578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/application-929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609587
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 06 Aug 2021 18:44:04 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096761d49d70d-FRA
expires
Fri, 08 Oct 2021 14:22:10 GMT
gates
hackerone.com/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/gates
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=TE90QnVTSFdreUpyNnZmWm83cU1vbWJQTTc3WFNMUWhDR3BZd1BWK2VncTIyZWJvK1hKNUpFK1hoalpHODJMNEpFQWNTOVMvaS9vUk1XNjZ4M3dGVGFCL2hqT2dwMXdNRS9FZWttT1lSOVNsWmtTVFZLNE8yMGd1UmlmSEdpMU5LUHE1TlBreTk2TVVYSDE3bVNDSEpONUhQWXh5QjVpQTFHaG54dDN1Y0Y0Y1ZGS1RnZURmblp1Y24vOWpDRG1hTit4bVU2WGdFSHBDMHBmSW1rb29xQlYrWXFHQWtvbGJaQ1FCc054c1Rva2Ird0NSTHRIWnJLbllzUFJJODVWWmcrU09wV1psM2JIMmYzVm5nKzhFbjBiaU01RGRxU3g1aUFIVm8wd1NvNW89LS0zK0wyQWhLWjlFSzZXaXlDTjNXYmJBPT0%3D--dd1e80e5f4a462157ac0ecaba655d055c077a724
:path
/gates
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/83578
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
1d116e20-ca75-4e9b-8693-e91e219f71ec
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"44136fa355b3678a1146ad16f7e8649e"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=Smx5SmlNbjNtTllnaUJ1YWk2U3YyZlkyZTc0RC9yQjNGeitSQ1lvb2ZiUW40MU0vMGZYeXpzTk9SRFF3M3hUUG5QS29HVk9laVF5dHRaeVV5WXoyQzNRWVJ3Mmk3eCt4dS80UHo4cVJUeUpxemVoV0t3MnBqbTVYenlaVVp3WllaUmoyTGp1U3d3ZE14VWUwZ0ZURGM3dlcrNmd4T0tHZTA1RHVKamE4ckIzeFRJMFFlaXVFQnhoNGJKTE9CZjdGcEpaOTNZeHc4YmZhRTF4RWM3Nkc3ZkZVL0E3R2FQTzNJL3UzNjJLOUVSSDVFWWNlajJGZ0d2U3hWYXJLS2V6RUZheVdHZXdjbnB0TU81U1VxejdVWjBWcm1KYkRxcC9NMWloT0lGNDNiN009LS1LMVMxeTh6UStCaE5iNVE5Q1Uyd2F3PT0%3D--0c5090d16e09f9cd1a18f2908a85f95e47b4515d; path=/; expires=Tue, 21 Sep 2021 14:22:11 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b096783911d70d-FRA
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/application-929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
5411
date
Tue, 07 Sep 2021 12:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Tue, 07 Sep 2021 14:52:00 GMT
current_user
hackerone.com/ 		151 B
740 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/current_user
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
748575ea552615fa5692e57081d6e1415de2f8737c427805be6f43d10b8c9871
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=Smx5SmlNbjNtTllnaUJ1YWk2U3YyZlkyZTc0RC9yQjNGeitSQ1lvb2ZiUW40MU0vMGZYeXpzTk9SRFF3M3hUUG5QS29HVk9laVF5dHRaeVV5WXoyQzNRWVJ3Mmk3eCt4dS80UHo4cVJUeUpxemVoV0t3MnBqbTVYenlaVVp3WllaUmoyTGp1U3d3ZE14VWUwZ0ZURGM3dlcrNmd4T0tHZTA1RHVKamE4ckIzeFRJMFFlaXVFQnhoNGJKTE9CZjdGcEpaOTNZeHc4YmZhRTF4RWM3Nkc3ZkZVL0E3R2FQTzNJL3UzNjJLOUVSSDVFWWNlajJGZ0d2U3hWYXJLS2V6RUZheVdHZXdjbnB0TU81U1VxejdVWjBWcm1KYkRxcC9NMWloT0lGNDNiN009LS1LMVMxeTh6UStCaE5iNVE5Q1Uyd2F3PT0%3D--0c5090d16e09f9cd1a18f2908a85f95e47b4515d
:path
/current_user
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/83578
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
17a1eb45-6b67-4613-91c3-8edf24c2788e
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"748575ea552615fa5692e57081d6e141"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=UkVScVM4SENCcGJ4aFlXSWJSMUZmbHhKK09XSml2ZUh2Y2d2UGhQRHBMdy9VeDdIMHFKQ1Z6TVVaVzBpOVh6M3I1VGl6MU9UNVF5T1FnUVlKdnM4eUdMekpiTjMvSUxKYXVUZWUyQk1FczVKY2tIa0Jqcm9admloNUhIbDh5bDNXSjhyWjROOFdhRkxQdHhuQXJoUEpINUd1WDRCbzJKUkFqcVpiUk00Rk5pKzdMcHBNQmRTR2UzK3gwQXk3N3J2dHJwOThOWTNZK3FtaUpiUFFYUHZvV1FVZnY0TWhwdVpjUVpCanczMkR2S2ZVeFYyNnRWR2lTb01DZmpZc3cvUDlMQ212QUhXRzBSMEpPQWVxNThEeVBwYmc5UXZYMjRrV3JxUnlrN2lpcGs9LS12UzJiUVhYaTlCSEhHUVJDeTV4RmVRPT0%3D--72a83fc8247f9cf624cc85a445abd1aa401d6aa1; path=/; expires=Tue, 21 Sep 2021 14:22:11 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967c1834d70d-FRA
138.f57fe8c8.chunk.js
hackerone.com/assets/static/js/ 		598 B
672 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/js/138.f57fe8c8.chunk.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.fda3b099.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27eaac13ecb9b0a7d040c56f263495942fddfdb2d82ec0d21c03b280bc7d05af
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/js/138.f57fe8c8.chunk.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=Smx5SmlNbjNtTllnaUJ1YWk2U3YyZlkyZTc0RC9yQjNGeitSQ1lvb2ZiUW40MU0vMGZYeXpzTk9SRFF3M3hUUG5QS29HVk9laVF5dHRaeVV5WXoyQzNRWVJ3Mmk3eCt4dS80UHo4cVJUeUpxemVoV0t3MnBqbTVYenlaVVp3WllaUmoyTGp1U3d3ZE14VWUwZ0ZURGM3dlcrNmd4T0tHZTA1RHVKamE4ckIzeFRJMFFlaXVFQnhoNGJKTE9CZjdGcEpaOTNZeHc4YmZhRTF4RWM3Nkc3ZkZVL0E3R2FQTzNJL3UzNjJLOUVSSDVFWWNlajJGZ0d2U3hWYXJLS2V6RUZheVdHZXdjbnB0TU81U1VxejdVWjBWcm1KYkRxcC9NMWloT0lGNDNiN009LS1LMVMxeTh6UStCaE5iNVE5Q1Uyd2F3PT0%3D--0c5090d16e09f9cd1a18f2908a85f95e47b4515d
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
15790
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 07 Sep 2021 09:58:09 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b0967c284fd70d-FRA
expires
Fri, 08 Oct 2021 14:22:11 GMT
168.cf7e6da8.chunk.js
hackerone.com/assets/static/js/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/js/168.cf7e6da8.chunk.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.fda3b099.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81e2e00404439b30a0c775636a45ce0ca3fc755815616e25597a8211e8c86669
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/js/168.cf7e6da8.chunk.js
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=Smx5SmlNbjNtTllnaUJ1YWk2U3YyZlkyZTc0RC9yQjNGeitSQ1lvb2ZiUW40MU0vMGZYeXpzTk9SRFF3M3hUUG5QS29HVk9laVF5dHRaeVV5WXoyQzNRWVJ3Mmk3eCt4dS80UHo4cVJUeUpxemVoV0t3MnBqbTVYenlaVVp3WllaUmoyTGp1U3d3ZE14VWUwZ0ZURGM3dlcrNmd4T0tHZTA1RHVKamE4ckIzeFRJMFFlaXVFQnhoNGJKTE9CZjdGcEpaOTNZeHc4YmZhRTF4RWM3Nkc3ZkZVL0E3R2FQTzNJL3UzNjJLOUVSSDVFWWNlajJGZ0d2U3hWYXJLS2V6RUZheVdHZXdjbnB0TU81U1VxejdVWjBWcm1KYkRxcC9NMWloT0lGNDNiN009LS1LMVMxeTh6UStCaE5iNVE5Q1Uyd2F3PT0%3D--0c5090d16e09f9cd1a18f2908a85f95e47b4515d
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
15804
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 07 Sep 2021 09:58:09 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/javascript
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b0967c2851d70d-FRA
expires
Fri, 08 Oct 2021 14:22:11 GMT
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
882 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 13:50:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
1909
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 07 Sep 2021 14:50:22 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Sep 2021 14:22:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://hackerone.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
graphql_token.json
hackerone.com/current_user/ 		24 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/current_user/graphql_token.json
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d53ac77407bdb417b09ed34066c69a6ea8d4ed7cc0978f11732457071bd73b0a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/current_user/graphql_token.json
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; __Host-session=Smx5SmlNbjNtTllnaUJ1YWk2U3YyZlkyZTc0RC9yQjNGeitSQ1lvb2ZiUW40MU0vMGZYeXpzTk9SRFF3M3hUUG5QS29HVk9laVF5dHRaeVV5WXoyQzNRWVJ3Mmk3eCt4dS80UHo4cVJUeUpxemVoV0t3MnBqbTVYenlaVVp3WllaUmoyTGp1U3d3ZE14VWUwZ0ZURGM3dlcrNmd4T0tHZTA1RHVKamE4ckIzeFRJMFFlaXVFQnhoNGJKTE9CZjdGcEpaOTNZeHc4YmZhRTF4RWM3Nkc3ZkZVL0E3R2FQTzNJL3UzNjJLOUVSSDVFWWNlajJGZ0d2U3hWYXJLS2V6RUZheVdHZXdjbnB0TU81U1VxejdVWjBWcm1KYkRxcC9NMWloT0lGNDNiN009LS1LMVMxeTh6UStCaE5iNVE5Q1Uyd2F3PT0%3D--0c5090d16e09f9cd1a18f2908a85f95e47b4515d; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
c6fd3370-946a-4c3a-8b1a-ef86e3e0fd2e
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"d53ac77407bdb417b09ed34066c69a6e"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5; path=/; expires=Tue, 21 Sep 2021 14:22:12 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967c68cbd70d-FRA
83578.json
hackerone.com/reports/ 		0
0
chevron-left.0d10ea46.svg
hackerone.com/assets/static/media/ 		161 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/chevron-left.0d10ea46.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/media/chevron-left.0d10ea46.svg
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=UkVScVM4SENCcGJ4aFlXSWJSMUZmbHhKK09XSml2ZUh2Y2d2UGhQRHBMdy9VeDdIMHFKQ1Z6TVVaVzBpOVh6M3I1VGl6MU9UNVF5T1FnUVlKdnM4eUdMekpiTjMvSUxKYXVUZWUyQk1FczVKY2tIa0Jqcm9admloNUhIbDh5bDNXSjhyWjROOFdhRkxQdHhuQXJoUEpINUd1WDRCbzJKUkFqcVpiUk00Rk5pKzdMcHBNQmRTR2UzK3gwQXk3N3J2dHJwOThOWTNZK3FtaUpiUFFYUHZvV1FVZnY0TWhwdVpjUVpCanczMkR2S2ZVeFYyNnRWR2lTb01DZmpZc3cvUDlMQ212QUhXRzBSMEpPQWVxNThEeVBwYmc5UXZYMjRrV3JxUnlrN2lpcGs9LS12UzJiUVhYaTlCSEhHUVJDeTV4RmVRPT0%3D--72a83fc8247f9cf624cc85a445abd1aa401d6aa1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609586
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
image/svg+xml
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b0967d6aefd70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
truncated
/ 		162 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f34d4ed02952ca2f829183aa242a7b730a22be46ef7d433d73fc850acf19c54

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
Poppins-SemiBold.4cdacb8f.ttf
hackerone.com/assets/static/media/ 		152 KB
152 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/Poppins-SemiBold.4cdacb8f.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.de2cbd38.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=UkVScVM4SENCcGJ4aFlXSWJSMUZmbHhKK09XSml2ZUh2Y2d2UGhQRHBMdy9VeDdIMHFKQ1Z6TVVaVzBpOVh6M3I1VGl6MU9UNVF5T1FnUVlKdnM4eUdMekpiTjMvSUxKYXVUZWUyQk1FczVKY2tIa0Jqcm9admloNUhIbDh5bDNXSjhyWjROOFdhRkxQdHhuQXJoUEpINUd1WDRCbzJKUkFqcVpiUk00Rk5pKzdMcHBNQmRTR2UzK3gwQXk3N3J2dHJwOThOWTNZK3FtaUpiUFFYUHZvV1FVZnY0TWhwdVpjUVpCanczMkR2S2ZVeFYyNnRWR2lTb01DZmpZc3cvUDlMQ212QUhXRzBSMEpPQWVxNThEeVBwYmc5UXZYMjRrV3JxUnlrN2lpcGs9LS12UzJiUVhYaTlCSEhHUVJDeTV4RmVRPT0%3D--72a83fc8247f9cf624cc85a445abd1aa401d6aa1
:path
/assets/static/media/Poppins-SemiBold.4cdacb8f.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://hackerone.com
Referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609325
vary
Accept-Encoding
content-length
155192
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/octet-stream
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
accept-ranges
bytes
cf-ray
68b0967d8b0ed70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
Poppins-Regular.8b6af8e5.ttf
hackerone.com/assets/static/media/ 		154 KB
155 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/Poppins-Regular.8b6af8e5.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.de2cbd38.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=UkVScVM4SENCcGJ4aFlXSWJSMUZmbHhKK09XSml2ZUh2Y2d2UGhQRHBMdy9VeDdIMHFKQ1Z6TVVaVzBpOVh6M3I1VGl6MU9UNVF5T1FnUVlKdnM4eUdMekpiTjMvSUxKYXVUZWUyQk1FczVKY2tIa0Jqcm9admloNUhIbDh5bDNXSjhyWjROOFdhRkxQdHhuQXJoUEpINUd1WDRCbzJKUkFqcVpiUk00Rk5pKzdMcHBNQmRTR2UzK3gwQXk3N3J2dHJwOThOWTNZK3FtaUpiUFFYUHZvV1FVZnY0TWhwdVpjUVpCanczMkR2S2ZVeFYyNnRWR2lTb01DZmpZc3cvUDlMQ212QUhXRzBSMEpPQWVxNThEeVBwYmc5UXZYMjRrV3JxUnlrN2lpcGs9LS12UzJiUVhYaTlCSEhHUVJDeTV4RmVRPT0%3D--72a83fc8247f9cf624cc85a445abd1aa401d6aa1
:path
/assets/static/media/Poppins-Regular.8b6af8e5.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://hackerone.com
Referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609325
vary
Accept-Encoding
content-length
158192
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/octet-stream
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
accept-ranges
bytes
cf-ray
68b0967d8b0fd70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
UbuntuMono-Bold.46f0a3ad.ttf
hackerone.com/assets/static/media/ 		170 KB
170 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/UbuntuMono-Bold.46f0a3ad.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.de2cbd38.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=UkVScVM4SENCcGJ4aFlXSWJSMUZmbHhKK09XSml2ZUh2Y2d2UGhQRHBMdy9VeDdIMHFKQ1Z6TVVaVzBpOVh6M3I1VGl6MU9UNVF5T1FnUVlKdnM4eUdMekpiTjMvSUxKYXVUZWUyQk1FczVKY2tIa0Jqcm9admloNUhIbDh5bDNXSjhyWjROOFdhRkxQdHhuQXJoUEpINUd1WDRCbzJKUkFqcVpiUk00Rk5pKzdMcHBNQmRTR2UzK3gwQXk3N3J2dHJwOThOWTNZK3FtaUpiUFFYUHZvV1FVZnY0TWhwdVpjUVpCanczMkR2S2ZVeFYyNnRWR2lTb01DZmpZc3cvUDlMQ212QUhXRzBSMEpPQWVxNThEeVBwYmc5UXZYMjRrV3JxUnlrN2lpcGs9LS12UzJiUVhYaTlCSEhHUVJDeTV4RmVRPT0%3D--72a83fc8247f9cf624cc85a445abd1aa401d6aa1
:path
/assets/static/media/UbuntuMono-Bold.46f0a3ad.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://hackerone.com
Referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609324
vary
Accept-Encoding
content-length
174008
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/octet-stream
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
accept-ranges
bytes
cf-ray
68b0967d8b12d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
logo-white.de7350f2.svg
hackerone.com/assets/static/media/ 		6 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hackerone.com/assets/static/media/logo-white.de7350f2.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/media/logo-white.de7350f2.svg
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1254281
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 23 Aug 2021 22:45:32 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
image/svg+xml
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b0967e4c79d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
graphql
hackerone.com/ 		20 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
sec-fetch-dest
empty
content-length
1516
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
c2d134c1-0a30-4eb8-b91f-4e5e0c2d8bf5
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"88ecf92326f1ff8da3d81eb38e1a8452"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=MkdkTVJaSDArNkZ6YTFPQW1MelV3eUdiQ3YvY21mVldONVVrTE9mdDIxYmMxNks5MkFOM0xBKzFrdHlsYUdEV1kva3cza053S1VuVVBmS0VvdjZPNmtKZzlucW42cHcrb0lsYXRtTDhJTDVzajlTRjltNnJpSWZuT25RMkhHcXRvZ2dYZTFQV3RTTXZLMjU3ZnY3Zms2S0I2K0lHVjdrN216bTdNL3JhVU9MZmJSQk9RTWNkN1JrUU1rc2gxekxBaUx6WmR1V0RsdWVEQXpXcUYzUjE5Mkt1SmZKb0hVK2wzbENibGFleTR5THJnOTBCTlk0b2V2Wi9qTlIzdTRnaHp5WlphWHFxSVNweTF3eUg2ZnFhOWQxZUN5Njk4NktDWWdDaHFBbXBJK2M9LS1BUUJTeThrakFnN3MwZlJadmhnWWNRPT0%3D--82903887f42a353977273fe7d37fc9171c8fb8f6; path=/; expires=Tue, 21 Sep 2021 14:22:12 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967e6cc0d70d-FRA
graphql
hackerone.com/ 		385 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e0bd44775ce339b38ee9da3b7700d4da8fb44a1ce445d5ee2a22c5cba0f3129
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
sec-fetch-dest
empty
content-length
552
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
4f0922dd-7950-458b-b7ef-f779f87684e7
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"9e0bd44775ce339b38ee9da3b7700d4d"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82; path=/; expires=Tue, 21 Sep 2021 14:22:12 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967e6cc4d70d-FRA
graphql
hackerone.com/ 		8 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f49bf54a05215aaaf358f733b886cc7369a1d42e51f6d76b88eafe108c3d1b4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
sec-fetch-dest
empty
content-length
279
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
f6a4f42b-b087-4106-82ef-0fdaf77db5fb
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"0f49bf54a05215aaaf358f733b886cc7"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=ZDVmVExvOHlzck5rS1YrQXNmRUJDbThQM0huTVJYOHBMMjh5OU9lY1dPWVZOVFh4eDVPKzlpZTREUE9PdlZsTTl4WFQwbEJsSis3MDF3UWo1RWFEbVdXRnlnVXdBYTdQVDEyUFVFOTlFcWFzdGQyTXVTcVFYNlVIcjFZT1haZHFreUR2MVJXZ0VLQk5kdEYwMVdOSjFmeW0wOWVhYmFKK0JxdUIyOTdWUEV3aWUxNGpPZFZTVkxxbHJIQjJldnFSSzI0aTk4RTd0d3hJSUNnTEtIamR6WEJaZUphZVNYY2pUYUlCWnp1M0swY0tyUjV1dVVtZFExUnd5VUE2YkpmZU5MNUd5cThHci8yQkh6Q2hGTnR0RzUrMStpaktCVmgxQzQ2MmFtblVFY1U9LS00K25MRmVlZHBaUU9IYlVoeGF6R0RRPT0%3D--28282b076c6496dacbe2c962a03b723bdb98918a; path=/; expires=Tue, 21 Sep 2021 14:22:12 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967e6cc6d70d-FRA
graphql
hackerone.com/ 		648 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aecf37e8153031fd133318e832f8a08bdba35c3a9993412f858554554448636e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
sec-fetch-dest
empty
content-length
1256
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
71b845ff-2075-4851-bd17-11495d45d839
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"aecf37e8153031fd133318e832f8a08b"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=UjVkS3dpSUJ5OFlpdGg2c0lVaEUzMWdoQjFKRVVOaE93bGVacHpmRmNPL0lPbkljR01EK2xicTZqNXkrUmNVWkpqaTBLZ28zSUpNT1FjSGxrR3hnMHlYYWVsVHBUb1o2OWYvYndab0d4VUVJUEszM0FRNkR1TFhXUzI1Q3BHQXJ1RkhTVFdaT0doVGNudDVrRkgwRmFuTCtrWUxDUS8yaVZKM1BCbUNRbTdNRWpkeTZFQWJJK3lldFZ6ZXBMOVNUWUxrM2VBM2hPZ2tvaWkrdTdpQ0xDMW4xQmNxaUF2Rm1RK1REcnc2aitwd0RtZE04ZFFiSXVIbzBTMGZBRzEwaWJNWGcwYWRwQWpnUnBuS3QvZWxTa3Z6Y1VweGRkUW9wRHdRVEFuQW9aYTg9LS1zTkxVMUdYZmRtRFNkTEFkKzhOZHVRPT0%3D--f107400d9c5ab0e100394fc4d63719a2c3a53415; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b0967e6cc9d70d-FRA
83578.json
hackerone.com/reports/ 		21 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/reports/83578.json
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d815606fa5d7162661c315d075b91fb79568ba3960826dbc3de39650ca546ef3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
x-csrf-token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
accept-language
en-US
sec-fetch-dest
empty
x-requested-with
XMLHttpRequest
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
:path
/reports/83578.json
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/83578
X-CSRF-Token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
054673f8-7bcf-4f92-8b1f-b3cff714e7b5
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"d815606fa5d7162661c315d075b91fb7"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=dEN5YmNkTldWajNYNEpjeVdQVEtCWDFsdTU5b2M5YzlORys3ZWVOSjFpL1B0Mnc2bCthZGRDUUpDQXVHN2lIVDhEYVJyVHFiWDBydW1FQXpGbW1PZmJlNVZxZUU2clhyM3dWVktwRzl1aW41UHI1OXFvMk5sSXhEeGZhcG5kVFB0eFZnK05rRmZzVElWMTZsSEFpR1VhNi8xWFpzemU2eGhuTm1RTHhOL3lzUnhPTjRFSVB6KzVUMjQrUzROYm1LQ3BJbEdvZEcrU1hpRWQ5czJubUtnOGJJR20vWksrL3lkaHBaRkdDU0NBKzdzTUszNHhoSFE1eVk5RmNjU2NwMjI0cmxqMmZKM1JndVRjc1ZzeTIzNStPVlJEM2dGMjZyQ2ZUSzRrWVFvYWs9LS1oS21OMm9ZaSs2N0JSNnJ4UVVkZjJBPT0%3D--dd628ec1da48faf1cfa51de63f1156fd30125616; path=/; expires=Tue, 21 Sep 2021 14:22:12 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b09680580ed70d-FRA
effra-regular.41247f5b.woff
hackerone.com/assets/static/media/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/effra-regular.41247f5b.woff
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.de2cbd38.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
:path
/assets/static/media/effra-regular.41247f5b.woff
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://hackerone.com
Referer
https://hackerone.com/assets/static/css/main.de2cbd38.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609586
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/font-woff
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096808847d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
sidebar-expand.5e3c3791.svg
hackerone.com/assets/static/media/ 		304 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/sidebar-expand.5e3c3791.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/media/sidebar-expand.5e3c3791.svg
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1609585
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
image/svg+xml
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096808853d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
edit.0a838a27.svg
hackerone.com/assets/static/media/ 		276 B
295 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/edit.0a838a27.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/media/edit.0a838a27.svg
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1608939
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:47 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
image/svg+xml
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096808854d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
plus-light.2b2b227f.svg
hackerone.com/assets/static/media/ 		251 B
245 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/assets/static/media/plus-light.2b2b227f.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/static/media/plus-light.2b2b227f.svg
pragma
no-cache
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://hackerone.com/reports/83578
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 07 Sep 2021 14:22:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1608938
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 19 Aug 2021 15:03:48 GMT
server
cloudflare
x-frame-options
DENY
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
image/svg+xml
cache-control
public, max-age=2678400
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
cf-ray
68b096808856d70d-FRA
expires
Fri, 08 Oct 2021 14:22:12 GMT
graphql
hackerone.com/ 		4 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b612007b2e6395535a95a137bc35bfc394054accfdc1a22e4e0c07860bd5fd3f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=R3hSV0tjcC83Qk5ObHRZaTY4dU5hUkxxbmNxdmcyWHBFR1NNQUNzL0ZZd3BxM3FGUGJzVGxZVXh3bGhWZTV4cURBM3ZPQ0NoR0h3ak1zS2UrR0g0RU9VSG1jYStyT1RGY1hsVUdPTVJvL1hhNVVCN3gzczQyQytReCt3UVZXN05SQmxtQkM2dGJ5QVlESWxSaklrU1RkOEVYcXl0b2l6SzE0RU9FeEVTcXg0YlQyUXZvV3ZxQk4rd0plWkpPV2s5WDVEY2dnd2NsdEdEeGVyRVlUSEYvNWdPR3hLQ1hXdGtjMzlFRGh6L3pGcDVEZGp2RmsxWWNqbHpjVUZacy82NmhCdnJjTlNVR1lLTkJGaWRIRVlCT2c1azczQWRxdGJkUlk1bk9oMVlEMms9LS02dTd1WEMxZ2ZMVzI5RW5sQ0VWQ3R3PT0%3D--28a0032c518612b24f495aef4dd588d03c89cb82
sec-fetch-dest
empty
content-length
8693
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
fd0f6612-1e80-4659-b048-29b90ce481d1
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"b612007b2e6395535a95a137bc35bfc3"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=THRndlJWcFFZNTJaaHl4WEtERDIxOGtoK1RsWElUK0RtT3pNSUxUVEc1cURDeFpaaFFQa1ZqaWJaQ1cvdlcycnVnemkrRDBvK1hFTWs2TnJiKzNNV2tSRUhMS3pwdTBGeTNVeFY5WnBwQkphNlpjNHJ0blB3K3lSN3pVQStCOWhsZ3o4ZnpBUXFSbHg0dVFGYzU2eWZEVS8xSXR0UW04YU9wRmIvbGhWWHBNTTNKT2ZEamZaZm5YMTRNdk5OQnp2Y3dvL3VRWmdETkpzUEVHWVdqYW5BN01yYy9zdVRYTkxvQnpuNk1Gd1RhTkNZU1QxWGdVSEllVWgwVnF1WWR4MlVEN2kzQjYzNEk3VndVVE11K3ZhaUNUV1V6bDRzZTZwS0dEVUVMS3JBU1U9LS04cE5VMVRmRXBiakNnR3RObkNWVmJRPT0%3D--8f3768b7d9a103d9cf8f26086955e4f8e5b706e0; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b09680e8d9d70d-FRA
notifications
hackerone.com/ 		49 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/notifications
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
x-csrf-token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
accept-language
en-US
sec-fetch-dest
empty
x-requested-with
XMLHttpRequest
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=dEN5YmNkTldWajNYNEpjeVdQVEtCWDFsdTU5b2M5YzlORys3ZWVOSjFpL1B0Mnc2bCthZGRDUUpDQXVHN2lIVDhEYVJyVHFiWDBydW1FQXpGbW1PZmJlNVZxZUU2clhyM3dWVktwRzl1aW41UHI1OXFvMk5sSXhEeGZhcG5kVFB0eFZnK05rRmZzVElWMTZsSEFpR1VhNi8xWFpzemU2eGhuTm1RTHhOL3lzUnhPTjRFSVB6KzVUMjQrUzROYm1LQ3BJbEdvZEcrU1hpRWQ5czJubUtnOGJJR20vWksrL3lkaHBaRkdDU0NBKzdzTUszNHhoSFE1eVk5RmNjU2NwMjI0cmxqMmZKM1JndVRjc1ZzeTIzNStPVlJEM2dGMjZyQ2ZUSzRrWVFvYWs9LS1oS21OMm9ZaSs2N0JSNnJ4UVVkZjJBPT0%3D--dd628ec1da48faf1cfa51de63f1156fd30125616
content-length
72
:path
/notifications
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/x-www-form-urlencoded; charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
PATCH
Accept
*/*
Referer
https://hackerone.com/reports/83578
X-CSRF-Token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
x-request-id
87eaa985-f15c-4644-b498-6a374ecb7446
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
expect-ct
enforce, max-age=86400
x-frame-options
DENY
x-download-options
noopen
content-type
*/*; charset=utf-8
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=YWxnT1Ara2o5aWlQeGI0by9JRVUrcjQxT3ljRlhMQndTcXUyd0crTDJCZDduQnFFc245L0tKbGpGMXNqOEIrR3JOUHN1NHlwNzN2TlNZa2xnREFPbmZOUmdHTjFIakl2c2FPbWU0Q3lZdmFPdGVLdGJwaDAyUi83WVVVSTluYm11a1VyVlJsV1pnbWIvL1Bhc2NyUHVjT3JlM1JRc1hWNzZPK1VSSTdrYy9KSTVsU3pra3d1U1VKcXppb1BCSnBaTFh0a2NNYVhEU21GM0QwclNxVW52WTJJeXRsa2xieWxrWkdHQ3JlTVBSdHZPMFl5RlFpdm9pWEE0c05WbFU2L29oMC9MTjBlUkV1dkhrUWhIUVplNEtQTUVLYnc4REZTT2tOaEl3R3JPRGc9LS04TUE2QXBWejBGS1ZyOExyYVJ3RmRBPT0%3D--4b1fb4f3770ec28c8e0917450762df5af3f3bde8; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b096834d6dd70d-FRA
participants
hackerone.com/reports/83578/ 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/reports/83578/participants
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fbfc79065b9504100a29b8a067a627b73bed50f8eb082d74d222bcfaaf3d336
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
x-csrf-token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
accept-language
en-US
sec-fetch-dest
empty
x-requested-with
XMLHttpRequest
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=dEN5YmNkTldWajNYNEpjeVdQVEtCWDFsdTU5b2M5YzlORys3ZWVOSjFpL1B0Mnc2bCthZGRDUUpDQXVHN2lIVDhEYVJyVHFiWDBydW1FQXpGbW1PZmJlNVZxZUU2clhyM3dWVktwRzl1aW41UHI1OXFvMk5sSXhEeGZhcG5kVFB0eFZnK05rRmZzVElWMTZsSEFpR1VhNi8xWFpzemU2eGhuTm1RTHhOL3lzUnhPTjRFSVB6KzVUMjQrUzROYm1LQ3BJbEdvZEcrU1hpRWQ5czJubUtnOGJJR20vWksrL3lkaHBaRkdDU0NBKzdzTUszNHhoSFE1eVk5RmNjU2NwMjI0cmxqMmZKM1JndVRjc1ZzeTIzNStPVlJEM2dGMjZyQ2ZUSzRrWVFvYWs9LS1oS21OMm9ZaSs2N0JSNnJ4UVVkZjJBPT0%3D--dd628ec1da48faf1cfa51de63f1156fd30125616
:path
/reports/83578/participants
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/83578
X-CSRF-Token
GX25HQG9Nr1nXMx3vIrwmPoGUfzO7sgQ8wyyew+txWD3V6HYyFuOvlyKmpEkJdBivq6ezB+tm+loqODKp5PNkQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
5df41eb9-0a71-4410-b821-00db0f19e0f2
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"3fbfc79065b9504100a29b8a067a627b"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=ZzJhOVNvOGt1c3NJVFA3WUliQ0xoWndpZGkrNi83NXFlOGFKTHdkOWRncUd5UUM0cTFSaktOQ0hoSjJPTEdOQ2pRN1o0VEg2SGU4ajFQRzNmRlJOd1ZJckRaVDRRdmRqMUdKYWk5cTVrVHFBT0NSTzA1cWY5RHpERXBlUUliKzJ2dHkwQU1mYXRBdnlJRDRhYVBzcHRDOXk3ZktZeTl0T0tOWjBMMHFuellrcCtjKzhBWDRQRU1Eak9Pb1JnSHJ5YlhRNkErZ01UWDFIUGJkd0JpS1FkR1A3d2JXYWVMMlNQdGlEeTNPQjhCL1c1c2VybkZuYnMxaGV0NVNZeGF3UDFpSlQ4Z1JFbGpKaEZ1NG94ZHdIZXlvTUpyT1lEazJ5MjJWY0ttOWk2eEk9LS1UdkRWNzhNeVJaMGFTRWRJZTNQNXFBPT0%3D--7340e1528bdb9623ebe4109c305af84bc6ad239a; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b096834d71d70d-FRA
/
errors.hackerone.net/api/26/store/ 		41 B
647 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://errors.hackerone.net/api/26/store/?sentry_version=7&sentry_client=raven-js%2F3.27.2&sentry_key=90427e0cbcf0487db664e4357d17761b
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ea35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c72756ba717b671ab08934ec5db087c8ae7395e3d7813c008a9bb6d4b443834e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
vary
Origin
content-length
41
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
https://hackerone.com
access-control-expose-headers
x-sentry-rate-limits, x-sentry-error, retry-after
content-security-policy
default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
cf-ray
68b09683ab4c0eaf-FRA
b5f65e84b294d95ac0e5fb3698d567882eeab915bc7725c4748f6d620a9f6f32
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/7wmdx6dqde5ngn7mwop6h5a33wdk/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/7wmdx6dqde5ngn7mwop6h5a33wdk/b5f65e84b294d95ac0e5fb3698d567882eeab915bc7725c4748f6d620a9f6f32?response-content-disposition=inline%3B%20filename%3D%22pugal.jpg%22%3B%20filename%2A%3DUTF-8%27%27pugal.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQRPZ7OXEF%2F20210907%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20210907T142212Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEEaCXVzLXdlc3QtMiJGMEQCIHislz4foiFJ8AIjA6vYxOtkiMfwwB0vP5W8TP52dmteAiBh5HZE0vUkypubnJjZO3%2B4ntqBZwncFEi6pEyPIU%2BdzCqDBAiK%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAIaDDAxMzYxOTI3NDg0OSIMqBG%2FT6Xy2sapnhhKKtcDt%2FZrlMJCf4GbFHuzdwp4Od1dYUfN4usLHEPqykYKtnoKt%2B6AoATsWKhFoiknnO1gafB5mYtUuz1mW7YtVrm%2BTd%2BXAuznPpV1vuvjVvJcFhpdhb0%2BmaxMUY9iNqpLzGO2phpv%2BdVnfURbzUoK2MYRsk4RJY2xLeZMJWMsjq12MHjn4xxLVLXFhOPNAFUYQiL0sgU%2BcDEUl8%2FzD2QyWrGYdFflG0zAfspYlZZRzsjJmGhoxI0zcGFITK7iJE9oNjIFbceKT278IkOFkeTKvkU47b2gqUos4dfXJM4xTUfH1e%2BwI4%2FVTwxpgFfwyCdWJcrYnWuiTwObmYfWZgw0Wh5G8%2BTr%2FfqxKSNHSmDxVbJ9qgzTH9mpmlTAg61NbJFHtE8UQcUGf03g0vhMmZCd2fOOLEt0swBQ0pS3FRqaYq2id3cIYcHxQXMWWfdJCzHzCcnjhenIVo4MMIRnG1wjJFqqaNQq47irzNC%2FvEhoNQI5vcLEhX%2BZ2vr6uee79jtQFOXCrlVCElZWm5Ww0SU9ZpJ%2BHQmv9CzMbthUX9qGuhUWO2nwsjSrgSDkucgbcg0j7touF%2FedCWXXjxeOVg2WVggsSf7Sxi0hWfXgnsYQ4XxUFN69yqIaH%2F2DMOHb3IkGOqYBMLJwQ18EsshMvepkQspVGoAADq1Y7YYN5EsS1KNixbT3CqYOOcU9teMAW21zqvJMQtwaD4jq8KWTyqfKPcPQ%2FSl6evZaEBbBkPAJxtmAgtdOBUBEg5C%2FZWG04KaELZIoSy3rVY6foYvv0u8arI73GBYWniDeHXgOre6bpS%2F0QhTTd3A5qbZ1uwuWlO%2BwAEodqJvvHW2ZayGcSoCczxjEXWGxbD6I9g%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=e75f3e22929ae4f6a36f42e79d405e470f4c58d8dfc5271510b5fba53b746fca
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.212.73 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
c20fdaa6e0de6c68254768dad5d9cfd4f8ec46ddc5d7f987fbd84ece7879a918

Request headers

Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Tue, 07 Sep 2021 14:22:14 GMT
Last-Modified
Wed, 25 Aug 2021 07:51:27 GMT
Server
AmazonS3
x-amz-request-id
ZHE7ZF163QNB0N4W
ETag
"659371bdebddecc10845c392c60f572f"
x-amz-version-id
_0HGH8jJ.uS6kQt0GkDUXeMHpgB4t0hX
Cache-Control
private, no-cache, no-store, must-revalidate
x-amz-replication-status
COMPLETED
Content-Disposition
inline; filename="pugal.jpg"; filename*=UTF-8''pugal.jpg
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
1859
x-amz-id-2
rlHMS/s8yrNO/Th0r+vmZNfs684ruxGHKh6HlxmFTs+JfAZFaC5BAFU5Z2WmHl+z9+XBV2VvTcE=
graphql
hackerone.com/ 		8 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
880cb988c8d28012f0fb5453505a71200701d8465dc027ce8c7391b05a789fcc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=dEN5YmNkTldWajNYNEpjeVdQVEtCWDFsdTU5b2M5YzlORys3ZWVOSjFpL1B0Mnc2bCthZGRDUUpDQXVHN2lIVDhEYVJyVHFiWDBydW1FQXpGbW1PZmJlNVZxZUU2clhyM3dWVktwRzl1aW41UHI1OXFvMk5sSXhEeGZhcG5kVFB0eFZnK05rRmZzVElWMTZsSEFpR1VhNi8xWFpzemU2eGhuTm1RTHhOL3lzUnhPTjRFSVB6KzVUMjQrUzROYm1LQ3BJbEdvZEcrU1hpRWQ5czJubUtnOGJJR20vWksrL3lkaHBaRkdDU0NBKzdzTUszNHhoSFE1eVk5RmNjU2NwMjI0cmxqMmZKM1JndVRjc1ZzeTIzNStPVlJEM2dGMjZyQ2ZUSzRrWVFvYWs9LS1oS21OMm9ZaSs2N0JSNnJ4UVVkZjJBPT0%3D--dd628ec1da48faf1cfa51de63f1156fd30125616
sec-fetch-dest
empty
content-length
612
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
8729ccbf-12ce-4542-a564-c2eb89080204
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"880cb988c8d28012f0fb5453505a7120"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=a2lqajNZd25KQStZUWYzU3ZIcGZJRDE4N1pIREZIdk9JSGlNOE9NcUl2L2ZUMVNLSmxoaE1QZjFPU0Q4emdPYWN3Q1h4QmRwZUcyMy9meENOVVZGL1hCZlZvZXFmL1NRWE96SmFMSFRqTnl6TGR2elRSWlluN2ZUM3VnYlJ5Y1hOUktXQU1xcmlaREVseEFyZFplT0lzYWo5V0wza1dUQmhkMXdhRE1zdnNhUzlMWEQwOWxsZnpBTE9LV1pRa1FYeVFCeXhhR1RIR1h6VVpqQUhieXVzZGRsRWU1a0ZuTHpFQjJIRmMvbmpUNW9wRWNJZEJBcS9RS0Y3VFZ3enNlbjB6VUxORDZzN0crTVlqR2FPeGY1cmt6UW85T01SMWtLbGxiekQyNXpzOFE9LS0za3lPVjVRY1hLbkZSVnQwbkhNbEtnPT0%3D--31b81261f85581ce923bc9ae7b1d1e7610175f37; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b096837db7d70d-FRA
graphql
hackerone.com/ 		377 B
848 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c07baae9b45f1f7710d159638509bcbd4c013109f08bf81909af56c6daa1a2a4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://hackerone.com
accept-encoding
gzip, deflate, br
accept-language
en-US
x-auth-token
----
cookie
h1_device_id=410bcd3d-1d86-4478-bec9-a600d6dd60c7; _ga=GA1.2.281492419.1631024532; _gid=GA1.2.2011900363.1631024532; __Host-session=dEN5YmNkTldWajNYNEpjeVdQVEtCWDFsdTU5b2M5YzlORys3ZWVOSjFpL1B0Mnc2bCthZGRDUUpDQXVHN2lIVDhEYVJyVHFiWDBydW1FQXpGbW1PZmJlNVZxZUU2clhyM3dWVktwRzl1aW41UHI1OXFvMk5sSXhEeGZhcG5kVFB0eFZnK05rRmZzVElWMTZsSEFpR1VhNi8xWFpzemU2eGhuTm1RTHhOL3lzUnhPTjRFSVB6KzVUMjQrUzROYm1LQ3BJbEdvZEcrU1hpRWQ5czJubUtnOGJJR20vWksrL3lkaHBaRkdDU0NBKzdzTUszNHhoSFE1eVk5RmNjU2NwMjI0cmxqMmZKM1JndVRjc1ZzeTIzNStPVlJEM2dGMjZyQ2ZUSzRrWVFvYWs9LS1oS21OMm9ZaSs2N0JSNnJ4UVVkZjJBPT0%3D--dd628ec1da48faf1cfa51de63f1156fd30125616
sec-fetch-dest
empty
content-length
1132
:path
/graphql
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
hackerone.com
referer
https://hackerone.com/reports/83578
:scheme
https
sec-fetch-site
same-origin
:method
POST
accept
*/*
Referer
https://hackerone.com/reports/83578
X-Auth-Token
----
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Tue, 07 Sep 2021 14:22:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
46a9f586-4786-4ffa-8fef-9060c0a5a291
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
etag
W/"c07baae9b45f1f7710d159638509bcbd"
expect-ct
enforce, max-age=86400
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
set-cookie
__Host-session=TUFWSWVZNTQ5Q2dBditXdDhVV29FOXBkRy81MWNBb0JKUGhJUlo1L3JZNnBLYXdTRytYNkNSTUNlVmUxeGYrR0RRMTRwTTMrQlRQQkFJZThJNUxMTExveVhWR3IxNjVDaHJrYmEvelByaTRNLzBDRmdLbFZuN1VXMzBwVzhHeGtZSDRqSGxidHZiNFZ1QjRzN1ZKZUtRZlpQZmZCc2RlWUd2YVh5aHNCeDdndGVOeDUyU0g2NlZXQldXVVErZk5LWG1GTktjekhybFlYNVFMVjhCbURmYnRxY3N4aUIraWVuYnZScmQ3bEo5R2FvbzUyYjFHc1UyT0QrWHZHSHBXYXIwQlJSeVJtZi9xSDFld3J2VU9iU3ZjRlhyZE5XSWFOcU9wR1RtL04wNXc9LS1TcnRiMHREamU5NDJxVlQzc2dEVkdRPT0%3D--1034215ee3cfff3b2157eb0b2d77a0dacbadea2e; path=/; expires=Tue, 21 Sep 2021 14:22:13 GMT; secure; HttpOnly; SameSite=None
cf-ray
68b096837db8d70d-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hackerone.com
URL
https://hackerone.com/reports/83578.json

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| constants object| webpackJsonphackerone function| setImmediate function| clearImmediate object| regeneratorRuntime object| Backbone function| _ object| current_user function| Mousetrap function| saveAs function| Dropzone object| regjsgen object| notifications object| TeamStore function| jQuery string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.hackerone.com/ Name: _gid
Value: GA1.2.2011900363.1631024532
hackerone.com/ Name: __Host-session
Value: cGFYMm1kY2I2TWNhekhxTlVWM09KekY0c1BtczRpbVN3NTgvWlBvK250YjFSMjNpWWlITW8yK0VOTEVBeExCWTJ5U0xUeFZMT0Jra3IweWtEd1J6TlJRNGZ3NXJzWHBTNkxyaWlFbVBRNTEraHhwSTk0LzE5RXNvc3UyNkhTWWZOYXhHS0Z0TnJRbnd1aTFzeHBGYnJCQ3BCMWdGaXlwVm1PaGN1ZVNNT1c2QlhUN3FXQ0o1WU5ybzFDTDViOWRRMDVtb05SbTdDZkFUanVCZFE2K2hYeVhRQk9OV0JYMDZBYmx2MUFIWTVDTkdDYlN1Z1UramRwT1VWOFVmb2tTYXAvc0pCaTBRNGVSMGNuTHdLR3NUakFhSnRWbUZFWm43eTBaS1hNbTUwN0U9LS0zRkhYWnpSV1hPTGZFRE9GeTZYbnd3PT0%3D--cc19d17def9fcf316bf3fa9aa58e2f357a4507b5
.hackerone.com/ Name: _ga
Value: GA1.2.281492419.1631024532
hackerone.com/ Name: h1_device_id
Value: 410bcd3d-1d86-4478-bec9-a600d6dd60c7

1 Console Messages

Source Level URL
Text
console-api error URL: https://hackerone.com/assets/static/js/vendors~main.aa349b05.chunk.js(Line 2)
Message:
TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

errors.hackerone.net
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
www.google-analytics.com
hackerone.com
2606:4700::6810:6434
2606:4700::6811:ea35
2a00:1450:4001:829::200e
2a00:1450:4001:82a::200e
52.218.212.73
0f49bf54a05215aaaf358f733b886cc7369a1d42e51f6d76b88eafe108c3d1b4
1f34d4ed02952ca2f829183aa242a7b730a22be46ef7d433d73fc850acf19c54
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
27eaac13ecb9b0a7d040c56f263495942fddfdb2d82ec0d21c03b280bc7d05af
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
31ab35cfd4181e258f783d58d8ce39bb9cb36288fde769bd373d967a1c94fe59
3fbfc79065b9504100a29b8a067a627b73bed50f8eb082d74d222bcfaaf3d336
41f8017dfce3679e0bd7f9c524ee808387d7705a78916a7166a8ed84be8c228d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
748575ea552615fa5692e57081d6e1415de2f8737c427805be6f43d10b8c9871
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
81e2e00404439b30a0c775636a45ce0ca3fc755815616e25597a8211e8c86669
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
880cb988c8d28012f0fb5453505a71200701d8465dc027ce8c7391b05a789fcc
88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af
929246d848aa547a6956502fca1cb3f6449bbb562d54d7ae66a34682b4fc7743
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9e0bd44775ce339b38ee9da3b7700d4da8fb44a1ce445d5ee2a22c5cba0f3129
a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
aecf37e8153031fd133318e832f8a08bdba35c3a9993412f858554554448636e
b612007b2e6395535a95a137bc35bfc394054accfdc1a22e4e0c07860bd5fd3f
b7af17fea48e05a177cda20dfbfde6d632bc559f3ab172a1cfb6969893db2692
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
c07baae9b45f1f7710d159638509bcbd4c013109f08bf81909af56c6daa1a2a4
c20fdaa6e0de6c68254768dad5d9cfd4f8ec46ddc5d7f987fbd84ece7879a918
c3c42b51ea238385dd0fe1c4b7c84e4dc9beb8c01c991878923ec9ffa5d0b5cd
c72756ba717b671ab08934ec5db087c8ae7395e3d7813c008a9bb6d4b443834e
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
d53ac77407bdb417b09ed34066c69a6ea8d4ed7cc0978f11732457071bd73b0a
d815606fa5d7162661c315d075b91fb79568ba3960826dbc3de39650ca546ef3
dc80c99734fc297843947aebf533aca789df6e0a3bf5abd37d4d6051e7990d78
f4d2b7660bfcdf3acf3913f204ff7c5b60c20110dae0c93135e5a195fa263a8c
f6a7e39d163f6a15f719b779f02b23e98b050a220f0d7c67961e7e48c6057091
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62