urlscan.io logo urlscan.io
SecurityTrails logo

enoc-uat.clm-comarch.com Open in urlscan Pro
156.154.166.19  Public Scan

Go To Rescan Add Verdict Report
URL: https://enoc-uat.clm-comarch.com/offers
Submission: On October 24 via manual from AE — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 41 HTTP transactions. The main IP is 156.154.166.19, located in United States and belongs to SECURITYSERVICES, US. The main domain is enoc-uat.clm-comarch.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on July 31st 2024. Valid for: a year.
This is the only time enoc-uat.clm-comarch.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
31 156.154.166.19 19905 (SECURITYS...)
10 156.154.166.21 19905 (SECURITYS...)
41 3
Domain Requested by
31 enoc-uat.clm-comarch.com enoc-uat.clm-comarch.com
10 backoffice-enoc-uat.clm-comarch.com enoc-uat.clm-comarch.com
41 2

This site contains no links.

Subject Issuer Validity Valid
enoc-uat.clm-comarch.com
GeoTrust TLS RSA CA G1		 2024-07-31 -
2025-07-30		 a year crt.sh

This page contains 1 frames:

Primary Page: https://enoc-uat.clm-comarch.com/offers
Frame ID: E3E229D78748C7938E937949E5B1DF43
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Offers | Yes

Page Statistics

41
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

3985 kB
Transfer

4857 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request offers
enoc-uat.clm-comarch.com/ 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
a4d451a35ac8f2b6689d9863960523342e28d7a0dbeeabbba38d248a41a1d53c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Content-Encoding
gzip
Content-Length
1350
Strict-Transport-Security
max-age=63072000; includeSubDomains
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
content-type
text/html
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 24 Oct 2024 13:37:31 GMT
expires
Wed, 12 Jan 1980 05:00:00 GMT
ntcoent-length
3926
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
pragma
no-cache
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
client.ns.js
enoc-uat.clm-comarch.com/ 		77 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/client.ns.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
/
Resource Hash
058b99349e64013ce1a859148e5b5b1fec8443e5bf9c85f89ddc7176f745e07b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

Cache-control
no-store, max-age=0
Content-Length
78847
Content-Type
application/x-javascript
Connection
keep-alive
runtime.de0e4ef239972867.js
enoc-uat.clm-comarch.com/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/runtime.de0e4ef239972867.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
859c4a6882916a5932b55c24c4690e679064fc1415c66bda1f90770ab24e4879
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"ea4-622c4a7a20e6e"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
3748
date
Thu, 24 Oct 2024 13:37:32 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
application/javascript
server
Apache
x-frame-options
SAMEORIGIN
polyfills.de84941a39ceb7be.js
enoc-uat.clm-comarch.com/ 		34 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
46431f1f3f6a49dd7113abfaf7b484d069c9b4257f4f0b22aaccf82117565606
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"8749-622c4a7a1e03f"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
34633
date
Thu, 24 Oct 2024 13:37:32 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
application/javascript
server
Apache
x-frame-options
SAMEORIGIN
scripts.c91eecdd65e14421.js
enoc-uat.clm-comarch.com/ 		149 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/scripts.c91eecdd65e14421.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
0e19226f74034018a45ba3fde00d3f97f4de91b185038764b51bca7a58ea4c3b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"254f1-622c4a7a1efdf"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
152817
date
Thu, 24 Oct 2024 13:37:32 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
application/javascript
server
Apache
x-frame-options
SAMEORIGIN
main.60abaa25c4228f3d.js
enoc-uat.clm-comarch.com/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/main.60abaa25c4228f3d.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
813486a40f680c7680a48b2eb0c844bb2c0f47121fe14782f8753334e182be8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"242f34-622c4a7a20a86"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
2371380
date
Thu, 24 Oct 2024 13:37:32 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
application/javascript
server
Apache
x-frame-options
SAMEORIGIN
styles.c19fd77b6eaee5c9.css
enoc-uat.clm-comarch.com/ 		308 KB
40 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/styles.c19fd77b6eaee5c9.css
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
0e5c1dadd836792a96be74c43e8f4f9100ad19e3442b3f0489a7c7fd6eeefb76
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

ntcoent-length
315011
Content-Encoding
gzip
etag
"4ce83-622c4a7a1fae6"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
date
Thu, 24 Oct 2024 13:37:32 GMT
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
text/css
x-frame-options
SAMEORIGIN
Transfer-Encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Cache-Control
private
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-xss-protection
1; mode=block
server
Apache
Cabin-Regular.ttf
enoc-uat.clm-comarch.com/assets/fonts/cabin/ 		102 KB
105 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/fonts/cabin/Cabin-Regular.ttf
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/offers
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
4c2e1fa3c5fb75fe902ea787cddfe572f8afc700a8b291e6719cd3f8295ad21e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"19948-622c4a7a1a1bf"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
104776
date
Thu, 24 Oct 2024 13:37:32 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
runtime.json
enoc-uat.clm-comarch.com/assets/ 		428 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/runtime.json
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
da46a518887e0636efaa611961dc7bb14b006b62ea4a7f6908d8c8e3b181c44e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 12 Jan 1980 05:00:00 GMT
date
Thu, 24 Oct 2024 13:37:36 GMT
last-modified
Mon, 23 Sep 2024 07:51:22 GMT
content-type
application/json
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
428
x-xss-protection
1; mode=block
server
Apache
503acd93e5a61166ff04f1307a2e4f17cadbb68e
enoc-uat.clm-comarch.com/ 		23 B
394 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/503acd93e5a61166ff04f1307a2e4f17cadbb68e
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
/
Resource Hash
bb4c550fd5f78a0539c7041d66b69274a0ea2ace1f397c3689e72c0ae92c23c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

Pragma
no-cache
Connection
close
Content-Length
23
parameters
backoffice-enoc-uat.clm-comarch.com/ccms-api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/parameters
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://enoc-uat.clm-comarch.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
X-total-count,
approadmap
p02-ccmsapi02
cross-origin-opener-policy
same-origin
date
Thu, 24 Oct 2024 13:37:38 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
en
backoffice-enoc-uat.clm-comarch.com/ccms-api/languages/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/languages/en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://enoc-uat.clm-comarch.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
X-total-count,
approadmap
p01-ccmsapi01
cross-origin-opener-policy
same-origin
date
Thu, 24 Oct 2024 13:37:38 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
parameters
backoffice-enoc-uat.clm-comarch.com/ccms-api/ 		391 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/parameters
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
b01ab68ccb3b33d1a1242c7e269ebf4150bfc3a6eaab6a3f57c3bc31f55047da
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Authorization
Basic Y2NtczpNUzlUZ00zVmQ4TG1RYUo0
Referer
https://enoc-uat.clm-comarch.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*

Response headers

access-control-expose-headers
X-total-count,
etag
W/"187-Sy/3AjTUMIr0Ero3bwFCGbPQNzI"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-dns-prefetch-control
off
cross-origin-opener-policy
same-origin
approadmap
p02-ccmsapi03
x-download-options
noopen
access-control-allow-origin
*
content-length
391
x-xss-protection
1; mode=block
server
Apache
en
backoffice-enoc-uat.clm-comarch.com/ccms-api/languages/ 		25 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/languages/en
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
2c1ca18bd38399a811ba8a7fb62c1f18a46ec499a034793d657272d41eedf930
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Authorization
Basic Y2NtczpNUzlUZ00zVmQ4TG1RYUo0
Referer
https://enoc-uat.clm-comarch.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*

Response headers

access-control-expose-headers
X-total-count,
etag
W/"6351-FLCCVBfELIxsYaiR1lGWtK3+p1E"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-dns-prefetch-control
off
cross-origin-opener-policy
same-origin
approadmap
p01-ccmsapi02
x-download-options
noopen
access-control-allow-origin
*
content-length
25425
x-xss-protection
1; mode=block
server
Apache
favicon.ico
enoc-uat.clm-comarch.com/ 		12 KB
14 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
dab209d046c2625c2032eeff511951f7aa708b1dbe0ba66f556411641704c352
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"2eee-622c4a7a1c04f"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
12014
date
Thu, 24 Oct 2024 13:37:37 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/x-icon
server
Apache
x-frame-options
SAMEORIGIN
75.4520caa275ebe6be.js
enoc-uat.clm-comarch.com/ 		614 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/75.4520caa275ebe6be.js
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/runtime.de0e4ef239972867.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
7c64368fd5157b098884e3eea204a84c01ff1c543511dbd85cea24ae25fe8453
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"266-622c4a7a1e03f"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
614
date
Thu, 24 Oct 2024 13:37:38 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
application/javascript
server
Apache
x-frame-options
SAMEORIGIN
member_menu
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/member_menu?language=en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://enoc-uat.clm-comarch.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
X-total-count,
approadmap
p02-ccmsapi01
cross-origin-opener-policy
same-origin
date
Thu, 24 Oct 2024 13:37:38 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
header_menu
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/header_menu?language=en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://enoc-uat.clm-comarch.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
X-total-count,
approadmap
p01-ccmsapi03
cross-origin-opener-policy
same-origin
date
Thu, 24 Oct 2024 13:37:38 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
app_store
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/app_store?language=en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://enoc-uat.clm-comarch.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
X-total-count,
approadmap
p02-ccmsapi02
cross-origin-opener-policy
same-origin
date
Thu, 24 Oct 2024 13:37:39 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
cmp.svg
enoc-uat.clm-comarch.com/assets/svg/ 		102 KB
105 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/svg/cmp.svg
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
e2e416283416fda247b2f3baa5937bfc2de355e025586ab4d117e72aef5d94f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

Transfer-Encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"1970f-622c4a7a1f6fe"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
date
Thu, 24 Oct 2024 13:37:38 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
SAMEORIGIN
member_menu
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		959 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/member_menu?language=en
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
4977e09229db4622b5f4d671b0ee6a7a99b59fdbf969bb011f42d93a237fc1c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Authorization
Basic Y2NtczpNUzlUZ00zVmQ4TG1RYUo0
Referer
https://enoc-uat.clm-comarch.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*

Response headers

access-control-expose-headers
X-total-count,
etag
W/"3bf-r14qCyU9CKQk0CtL2/6ss1COCCI"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
date
Thu, 24 Oct 2024 13:37:39 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-dns-prefetch-control
off
cross-origin-opener-policy
same-origin
approadmap
p02-ccmsapi03
x-download-options
noopen
access-control-allow-origin
*
content-length
959
x-xss-protection
1; mode=block
content-language
en-AU
server
Apache
header_menu
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/header_menu?language=en
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
36a5700b04cefac066c19762556521c68521add44a8f3eb6db1193b54bb20eef
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Authorization
Basic Y2NtczpNUzlUZ00zVmQ4TG1RYUo0
Referer
https://enoc-uat.clm-comarch.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*

Response headers

access-control-expose-headers
X-total-count,
etag
W/"80b-w5w6pYw0+I/ELAWj+pBoV2GfUdc"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
date
Thu, 24 Oct 2024 13:37:39 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-dns-prefetch-control
off
cross-origin-opener-policy
same-origin
approadmap
p02-ccmsapi01
x-download-options
noopen
access-control-allow-origin
*
content-length
2059
x-xss-protection
1; mode=block
content-language
en-AU
server
Apache
ENOC_CBD_OFFER_ENABLED
enoc-uat.clm-comarch.com/b2c/parameters/ 		94 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/b2c/parameters/ENOC_CBD_OFFER_ENABLED
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
9c4fa0e4dec2d69a45c541ab304c2247f9f017928f1babf5fa02dbf370a34cfb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://enoc-uat.clm-comarch.com/offers
Accept-Language
en
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
application/json
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p01-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:38.956+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
YES_REGIONS
enoc-uat.clm-comarch.com/b2c/dictionaries/ 		47 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/b2c/dictionaries/YES_REGIONS
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
ea3e314c7761ec6245ca231dafbb48bff2a3ea17fa71b6fe8f1d2292b4c896c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://enoc-uat.clm-comarch.com/offers
Accept-Language
en
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
application/json
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-total-count
1
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
x-total-count-limited
false
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p02-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:38.963+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
app_store
backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/ 		1021 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://backoffice-enoc-uat.clm-comarch.com/ccms-api/navigations/name/app_store?language=en
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.21 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
fe64a50d13d3a0735eec31bc4ae54b476788a168fa71140527da5a3e281f5ea7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Authorization
Basic Y2NtczpNUzlUZ00zVmQ4TG1RYUo0
Referer
https://enoc-uat.clm-comarch.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*

Response headers

access-control-expose-headers
X-total-count,
etag
W/"3fd-t5t74Ev8vFUNaq3yZLRUXfzNaBY"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,PATCH,PUT,DELETE,OPTIONS
date
Thu, 24 Oct 2024 13:37:39 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Origin, Content-Type, Authorization, X-total-count, Content-Language,
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-dns-prefetch-control
off
cross-origin-opener-policy
same-origin
approadmap
p02-ccmsapi02
x-download-options
noopen
access-control-allow-origin
*
content-length
1021
x-xss-protection
1; mode=block
content-language
en-AU
server
Apache
google.png
enoc-uat.clm-comarch.com/assets/images/stores/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/assets/images/stores/google.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
e1dd979c56439162cf66bb5ab2bf360c1c0cecb903c80098cadf8978a78c1c4b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"150c-622c4a7a1c81f"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
5388
date
Thu, 24 Oct 2024 13:37:38 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
apple.png
enoc-uat.clm-comarch.com/assets/images/stores/ 		4 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/assets/images/stores/apple.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
a15a9a4dde1e178dfcd787c32031719079c4e84f8ac420d3f1724d053f776659
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"1179-622c4a7a1a5a7"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
4473
date
Thu, 24 Oct 2024 13:37:38 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
app-gallery.png
enoc-uat.clm-comarch.com/assets/images/stores/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/assets/images/stores/app-gallery.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
94247484e6a104da524333733f2ab52136baa0ced2bff88384647dea5d973bac
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"4c1-622c4a7a1a5a7"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
1217
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
logo.png
enoc-uat.clm-comarch.com/assets/images/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/assets/images/logo.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
f27d2c9c59f83aa583788563e3b42d44223d5aa9365dfe45099ac0ec66e1d4cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"bc2-622c4a7a1ef2e"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
3010
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
Cabin-Bold.ttf
enoc-uat.clm-comarch.com/assets/fonts/cabin/ 		100 KB
103 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/fonts/cabin/Cabin-Bold.ttf
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
85bc3031aabb020dc98144ce81deb86b1fefe83c483af19cd5dea9e0e1a1390e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"1904c-622c4a7a1a1bf"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
102476
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
Cabin-SemiBold.ttf
enoc-uat.clm-comarch.com/assets/fonts/cabin/ 		102 KB
105 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/fonts/cabin/Cabin-SemiBold.ttf
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
59746e9042f7bf09a2470a0eec96a08a3840862038b47f2a1378df0d1d677fda
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"199e4-622c4a7a1a1bf"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
104932
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
Cabin-Medium.ttf
enoc-uat.clm-comarch.com/assets/fonts/cabin/ 		103 KB
105 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/assets/fonts/cabin/Cabin-Medium.ttf
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
bff11c3223a96fec3a9042fe4464dc04eb0943ccaadf686cf8850a3fd480d7ee
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://enoc-uat.clm-comarch.com
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"19a64-622c4a7a1a1bf"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
105060
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
truncated
/ 		751 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f977fcef479dc56cdb13f0ff9b53c5eb75dd007f761c0834d416e35f12a39e91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
img/png
truncated
/ 		686 B
686 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7f1c45bb2bab013f72d9a7db6a967738eebe79e2f56d2af787387eeac78c082

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
img/png
CBD
enoc-uat.clm-comarch.com/b2c/ext/me/cobrand-contact-requests/ 		228 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/b2c/ext/me/cobrand-contact-requests/CBD
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
5985130271c5fd3156dcdc1828e2664b5b60a9940ec993cef5ace2004c813548
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://enoc-uat.clm-comarch.com/offers
Accept-Language
en
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

x-clm-error
UNAUTHORIZED
x-clm-error-message
Full+authentication+is+required+to+access+this+resource
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Thu, 24 Oct 2024 13:37:39 GMT
content-type
application/json
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-clm-error-path
%2Fb2c%2Fext%2Fme%2Fcobrand-contact-requests%2FCBD
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
www-authenticate
Bearer realm="oauth"
cross-origin-resource-policy
same-origin
approadmap
p01-b2c01
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
228
x-xss-protection
1; mode=block
server
Apache
offers
enoc-uat.clm-comarch.com/b2c/ext/ 		2 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://enoc-uat.clm-comarch.com/b2c/ext/offers?orderType=ASCENDING&firstResult=0&maxResults=6&regionCode=UAE&yesPrivileges=false&endDateFrom=2024-10-24T13%3A37%3A39.273Z&onlyActive=true&startDateTo=2024-10-24T13%3A37%3A39.273Z
Requested by
Host: enoc-uat.clm-comarch.com
URL: https://enoc-uat.clm-comarch.com/polyfills.de84941a39ceb7be.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
ab1c649dcc3f3f0e54b731560799ae67242bb6643f91c204b597c08b69348aca
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://enoc-uat.clm-comarch.com/offers
Accept-Language
en
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Thu, 24 Oct 2024 13:37:39 GMT
content-type
application/json
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
x-total-count
12
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
x-total-count-limited
false
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p01-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:39.507+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
51055
enoc-uat.clm-comarch.com/b2c/files/ 		87 KB
90 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/51055
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
a6913077f16a3ddcf1dc2f611f4fc372a83b9c8192a6ea651b238c7df503b849
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
63992 - AutoPro - YES App - Car Wash Van_V3_629x416 bio[7].jpg
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p02-b2c01
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:39.815+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
30056
enoc-uat.clm-comarch.com/b2c/files/ 		678 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/30056
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
60717 - ZOOM New Sites - Yes Loyalty App Banners V2_629 x 416.jpg
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p02-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:39.813+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
51104
enoc-uat.clm-comarch.com/b2c/files/ 		81 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/51104
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
a0f4f8c5f590faecc72f5f860c1a5be8e6addb786b4cf7b061eb405f5c74a858
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
63992 - AutoPro - YES App - Car Wash Van_V3_629x416 steam[43].jpg
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p02-b2c01
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:39.818+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
60052
enoc-uat.clm-comarch.com/b2c/files/ 		15 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/60052
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
3a45fdd05a5a8070650b85dfc1bdc13e5e8e738031669066ea52d7e01e16f8cc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
zoom test.jpg
date
Thu, 24 Oct 2024 13:37:38 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p01-b2c01
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:39.813+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
special-offer-ribbon.png
enoc-uat.clm-comarch.com/assets/images/offers/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/assets/images/offers/special-offer-ribbon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
16baff88332f6c81303ec3ba6f3519127331fa54fa73226e77e0ddaf82774b6e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cross-origin-opener-policy
same-origin
etag
"2c1a-622c4a7a1d09f"
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
x-content-type-options
nosniff
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
11290
date
Thu, 24 Oct 2024 13:37:39 GMT
x-xss-protection
1; mode=block
last-modified
Mon, 23 Sep 2024 07:51:21 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
50108
enoc-uat.clm-comarch.com/b2c/files/ 		367 KB
370 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/50108
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
9b2f242266c4325f560682610436c76dddf6618fe4d6786f4fcf10c9571487ee
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
62723 - ZOOM Coffee Subscription-yes banners_v7_Design Specification-offer android-360x269.jpg
date
Thu, 24 Oct 2024 13:37:40 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p01-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:40.014+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache
46070
enoc-uat.clm-comarch.com/b2c/files/ 		158 KB
161 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://enoc-uat.clm-comarch.com/b2c/files/46070
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
156.154.166.19 , United States, ASN19905 (SECURITYSERVICES, US),
Reverse DNS
vip.scrubbingcenter.com
Software
Apache /
Resource Hash
a21eab5014cf8c506688cd704714ca2b5b8d321af64b0bdb872ee1b974b5dca0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://enoc-uat.clm-comarch.com/offers

Response headers

x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
file-name
61841 - Zoom Mix N' Match_yes_banner_629x416px_v1_eng.jpg
date
Thu, 24 Oct 2024 13:37:40 GMT
content-type
image/jpeg
x-frame-options
DENY
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains;, max-age=63072000; includeSubDomains
content-security-policy
default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
cross-origin-resource-policy
same-origin
approadmap
p02-b2c02
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-server-time
2024-10-24T17:37:40.023+04:00[Asia/Dubai]
x-xss-protection
1; mode=block
server
Apache

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| deployJava function| Detector function| murmurhash3_32_gc function| SHA1 object| swfobject function| customOnload function| executeClientPluginCode function| ClientJS function| UAParser object| webpackChunk_clm_clm_enoc_mp function| $localize function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononpageswappatched boolean| __zone_symbol__ononpagerevealpatched boolean| __zone_symbol__ononscrollendpatched boolean| __zone_symbol__ononscrollsnapchangepatched boolean| __zone_symbol__ononscrollsnapchangingpatched function| $ function| jQuery function| Hammer function| JsBarcode object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse function| __zone_symbol__ON_PROPERTYload object| __zone_symbol__loadfalse string| s function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__focusfalse object| __zone_symbol__scrollfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

3 Cookies

Domain/Path Name / Value
enoc-uat.clm-comarch.com/ Name: cmplang
Value: en
.enoc-uat.clm-comarch.com/ Name: bot_mgt_id
Value: MDMBAAEAsDgiFgAAAAAFteqFm00aZ76IOOKXCUGZeK2iG9IefIKsc6z5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFA6zZPlphFm_wTxMHouTxfK27aOoU0aZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALRLgMaPrlL8Ix-jiOs_cua4h7bU
.clm-comarch.com/ Name: waf_mgt_id
Value: AAE7m00aZzvNiQIAAAAAADs8mmLM8WXHkXQYO4qKqOsM9qhcFj-NEjpOYBhZKrZVOw==J1EaZw==yNwUoF_pZ-p1REwX-P2UJHt80wE=

16 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'trust-token-redemption'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'window-placement'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security error URL: https://enoc-uat.clm-comarch.com/offers
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
network error URL: https://enoc-uat.clm-comarch.com/b2c/ext/me/cobrand-contact-requests/CBD
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://backoffice-enoc-uat.clm-comarch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://backoffice-enoc-uat.clm-comarch.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://backoffice-enoc-uat.clm-comarch.com; form-action 'none'; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';frame-src 'none'; worker-src 'none'; manifest-src 'self'; media-src 'none'; prefetch-src 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
Strict-Transport-Security max-age=63072000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

backoffice-enoc-uat.clm-comarch.com
enoc-uat.clm-comarch.com
156.154.166.19
156.154.166.21
058b99349e64013ce1a859148e5b5b1fec8443e5bf9c85f89ddc7176f745e07b
0e19226f74034018a45ba3fde00d3f97f4de91b185038764b51bca7a58ea4c3b
0e5c1dadd836792a96be74c43e8f4f9100ad19e3442b3f0489a7c7fd6eeefb76
16baff88332f6c81303ec3ba6f3519127331fa54fa73226e77e0ddaf82774b6e
2c1ca18bd38399a811ba8a7fb62c1f18a46ec499a034793d657272d41eedf930
36a5700b04cefac066c19762556521c68521add44a8f3eb6db1193b54bb20eef
3a45fdd05a5a8070650b85dfc1bdc13e5e8e738031669066ea52d7e01e16f8cc
46431f1f3f6a49dd7113abfaf7b484d069c9b4257f4f0b22aaccf82117565606
4977e09229db4622b5f4d671b0ee6a7a99b59fdbf969bb011f42d93a237fc1c3
4c2e1fa3c5fb75fe902ea787cddfe572f8afc700a8b291e6719cd3f8295ad21e
59746e9042f7bf09a2470a0eec96a08a3840862038b47f2a1378df0d1d677fda
5985130271c5fd3156dcdc1828e2664b5b60a9940ec993cef5ace2004c813548
7c64368fd5157b098884e3eea204a84c01ff1c543511dbd85cea24ae25fe8453
813486a40f680c7680a48b2eb0c844bb2c0f47121fe14782f8753334e182be8a
859c4a6882916a5932b55c24c4690e679064fc1415c66bda1f90770ab24e4879
85bc3031aabb020dc98144ce81deb86b1fefe83c483af19cd5dea9e0e1a1390e
94247484e6a104da524333733f2ab52136baa0ced2bff88384647dea5d973bac
9b2f242266c4325f560682610436c76dddf6618fe4d6786f4fcf10c9571487ee
9c4fa0e4dec2d69a45c541ab304c2247f9f017928f1babf5fa02dbf370a34cfb
a0f4f8c5f590faecc72f5f860c1a5be8e6addb786b4cf7b061eb405f5c74a858
a15a9a4dde1e178dfcd787c32031719079c4e84f8ac420d3f1724d053f776659
a21eab5014cf8c506688cd704714ca2b5b8d321af64b0bdb872ee1b974b5dca0
a4d451a35ac8f2b6689d9863960523342e28d7a0dbeeabbba38d248a41a1d53c
a6913077f16a3ddcf1dc2f611f4fc372a83b9c8192a6ea651b238c7df503b849
ab1c649dcc3f3f0e54b731560799ae67242bb6643f91c204b597c08b69348aca
b01ab68ccb3b33d1a1242c7e269ebf4150bfc3a6eaab6a3f57c3bc31f55047da
bb4c550fd5f78a0539c7041d66b69274a0ea2ace1f397c3689e72c0ae92c23c1
bff11c3223a96fec3a9042fe4464dc04eb0943ccaadf686cf8850a3fd480d7ee
d7f1c45bb2bab013f72d9a7db6a967738eebe79e2f56d2af787387eeac78c082
da46a518887e0636efaa611961dc7bb14b006b62ea4a7f6908d8c8e3b181c44e
dab209d046c2625c2032eeff511951f7aa708b1dbe0ba66f556411641704c352
e1dd979c56439162cf66bb5ab2bf360c1c0cecb903c80098cadf8978a78c1c4b
e2e416283416fda247b2f3baa5937bfc2de355e025586ab4d117e72aef5d94f3
ea3e314c7761ec6245ca231dafbb48bff2a3ea17fa71b6fe8f1d2292b4c896c6
f27d2c9c59f83aa583788563e3b42d44223d5aa9365dfe45099ac0ec66e1d4cf
f977fcef479dc56cdb13f0ff9b53c5eb75dd007f761c0834d416e35f12a39e91
fe64a50d13d3a0735eec31bc4ae54b476788a168fa71140527da5a3e281f5ea7