auth.merch.co
2600:9000:2249:5600:15:b275:8c40:93a1  Public Scan

Submitted URL: http://tesla.merch.co/wit
Effective URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Submission: On August 18 via manual from US — Scanned from DE

Summary

This website contacted 11 IPs in 2 countries across 6 domains to perform 58 HTTP transactions. The main IP is 2600:9000:2249:5600:15:b275:8c40:93a1, located in United States and belongs to AMAZON-02, US. The main domain is auth.merch.co.
TLS certificate: Issued by Amazon RSA 2048 M01 on November 10th 2022. Valid for: a year.
This is the only time auth.merch.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2600:9000:225... 16509 (AMAZON-02)
4 2600:9000:236... 16509 (AMAZON-02)
12 104.18.70.113 13335 (CLOUDFLAR...)
14 2600:9000:224... 16509 (AMAZON-02)
3 104.16.53.111 13335 (CLOUDFLAR...)
3 18.66.97.53 16509 (AMAZON-02)
5 52.202.173.66 14618 (AMAZON-AES)
3 52.222.236.122 16509 (AMAZON-02)
1 18.66.112.19 16509 (AMAZON-02)
2 34.120.195.249 396982 (GOOGLE-CL...)
58 11
Apex Domain / Subdomains / Transfer
32  merch.co  (1 MB)
      tesla.merch.co
      assets.merch.co
      auth.merch.co
      api.merch.co
12  zdassets.com  (828 KB)
      static.zdassets.com — Cisco Umbrella Rank: 2385
      ekr.zdassets.com — Cisco Umbrella Rank: 2709
6   hotjar.com  (177 KB)
      static.hotjar.com — Cisco Umbrella Rank: 991
      script.hotjar.com — Cisco Umbrella Rank: 1166
3   zendesk.com  (2 KB)
      merchhelp.zendesk.com
2   sentry.io  (433 B)
      o1067284.ingest.sentry.io
1   hotjar.io  (259 B)
      vc.hotjar.io — Cisco Umbrella Rank: 3143
58 6
Domain Requested by
14 auth.merch.co tesla.merch.co
auth.merch.co
9 static.zdassets.com tesla.merch.co
static.zdassets.com
auth.merch.co
9 tesla.merch.co 1 redirects tesla.merch.co
5 api.merch.co tesla.merch.co
auth.merch.co
4 assets.merch.co tesla.merch.co
auth.merch.co
3 script.hotjar.com static.hotjar.com
3 static.hotjar.com auth.merch.co
tesla.merch.co
3 merchhelp.zendesk.com static.zdassets.com
3 ekr.zdassets.com static.zdassets.com
2 o1067284.ingest.sentry.io auth.merch.co
tesla.merch.co
1 vc.hotjar.io tesla.merch.co
58 11

This site contains no links.

Subject                Issuer                                      Validity                 Valid
*.merch.co             Amazon RSA 2048 M01                         2022-11-10 - 2023-12-10  a year
zdassets.com           Cloudflare Inc ECC CA-3                     2022-11-10 - 2023-11-09  a year
merchhelp.zendesk.com  Cloudflare Inc ECC CA-3                     2023-06-12 - 2024-06-10  a year
*.hotjar.com           Amazon ECDSA 256 M01                        2023-03-09 - 2024-04-06  a year
api.merch.co           Amazon RSA 2048 M01                         2023-02-21 - 2024-03-22  a year
*.hotjar.io            Amazon ECDSA 256 M01                        2023-03-09 - 2024-04-06  a year
ingest.sentry.io       DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-07-25 - 2024-08-24  a year

This page contains 5 frames:

Primary Page: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Frame ID: F8891A64AF112EE60391AA49BD509AC8
Requests: 37 HTTP requests in this frame

Frame: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Frame ID: EE0C418F1B223110691507DD72CE82D2
Requests: 12 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Frame ID: 65A90CCB2582C0A9E4BA6172E8A51442
Requests: 3 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Frame ID: 0445680A99E191B8DE49ED6329B92176
Requests: 3 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Frame ID: 65B55E0C25F71FEEA395D6511BB436E6
Requests: 3 HTTP requests in this frame

Page Title

Merch Authentication

Detected technologies

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js

Page Statistics

Requests: 58
HTTPS: 95 %
IPv6: 30 %
Domains: 6
Subdomains: 11
IPs: 11
Countries: 2
Transfer: 2398 kB
Size: 8245 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tesla.merch.co/wit HTTP 301
    https://tesla.merch.co/wit Page URL
  2. https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://tesla.merch.co/wit HTTP 301
  • https://tesla.merch.co/wit

58 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
wit
tesla.merch.co/
Redirect Chain
  • http://tesla.merch.co/wit
  • https://tesla.merch.co/wit
5 KB
3 KB
Document
General
Full URL
https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8502c227a4d3367b712c1e8e2a2c2e99cf0775d6f2e9be43abec270ea893b9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
58142
content-encoding
br
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
content-type
text/html
date
Fri, 18 Aug 2023 16:54:21 GMT
etag
W/"386de45bae23b350cff60d943874ecaf"
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
referrer-policy
no-referrer
server
CloudFront
strict-transport-security
max-age=31536000
vary
Accept-Encoding Origin
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-id
w1kqT3NIyv2DU3gjtFTto6vAZ1Hj-aEGM9QBTmN4NXtu6MdfazcB-Q==
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
GE129nJVCg4i1vECa8HO33A6kJcGwJ22
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Security-Policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Content-Type
text/html
Date
Fri, 18 Aug 2023 16:54:20 GMT
Location
https://tesla.merch.co/wit
Referrer-Policy
no-referrer
Server
CloudFront
Vary
Origin
Via
1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
X-Amz-Cf-Id
2DUS865iRxVSry_NUuqxCxMBQEaPxDqrKJzhdbHZ2kAl2oI0SrSWOg==
X-Amz-Cf-Pop
FRA60-P4
X-Cache
Redirect from cloudfront
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
twemoji.min.js
assets.merch.co/
17 KB
4 KB
Script
General
Full URL
https://assets.merch.co/twemoji.min.js
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:3c00:6:4931:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a740dbcdaf3c5a7a5594d21684202c222c5a077f67e0c6cb89b76115431d0a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
content-encoding
br
via
1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
last-modified
Mon, 09 Jan 2023 16:27:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
58142
x-amz-server-side-encryption
AES256
etag
W/"e528d769d37461a1a2460653b825c742"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
GTRQHv7RMCp3FrKENYVh65MlK39h4-OuBwzeA2zEDg4uQvF19wiQ5A==
merch-logo-splash.svg
tesla.merch.co/assets/images/logo/
919 B
2 KB
Image
General
Full URL
https://tesla.merch.co/assets/images/logo/merch-logo-splash.svg
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b010bc750ef65967355f000d34be188c5faf80a8a6a81d6f061488ebbf61fa7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
FpWXR5eEknPbSVm1hEJA55hnS1rflxuj
date
Fri, 18 Aug 2023 16:54:21 GMT
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
919
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
"769a6bc6cbf4e78be8294e1589fc7545"
vary
Accept-Encoding, Origin
content-type
image/svg+xml
accept-ranges
bytes
x-amz-cf-id
XEFvVl6DK6R6dllcGtUvnwozVz-asVEF3sz2VQP-HcyusWH4Zon6yw==
snippet.js
static.zdassets.com/ekr/
10 KB
5 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
x-amz-version-id
hKEbdq289Xo7bHrM.yPFOdJ37r5nFwfe
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
TDMX7FKV107EPGGF
age
55
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-amz-id-2
mEfdnHG+4ET9FRTmDfKIS9KIphFr6cE7h0qgEQh3SSJ2Xe72azrgYiHC2WUZuGsOGb8murwKyAaI/5BNPwNdrQ==
last-modified
Wed, 09 Aug 2023 01:01:02 GMT
server
cloudflare
etag
W/"42d94c325a0b012e41f9c3907853625a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATwOyxO4AUhfi42Ri5Tl04MUSMboSS8ltXEiJKmhN31nyVpxSTFfdbBVOcg4GGYxmUzLoCSY2kDf6RB82U5o%2FgpM8EaezkDRFshzdZhrUrhedublIbt1NfuchDNFFrcstV8ZVYM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
7f8bada038d618d9-FRA
runtime.b2fda545c73fa615.js
tesla.merch.co/
1 KB
2 KB
Script
General
Full URL
https://tesla.merch.co/runtime.b2fda545c73fa615.js
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
5e4d7873d7b4fefd85dd1f8960c389721a7a4d69744ea4f4769cc57e44efd2b8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://tesla.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
l_gX2cXLb72pMB11e1w8.FhM3SZGS3.D
content-encoding
br
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
date
Fri, 18 Aug 2023 16:54:21 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-amz-cf-pop
FRA60-P4
age
58142
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
W/"5cfa05d06e6b0ed32ff90e3eb1b02a0d"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://tesla.merch.co
x-amz-cf-id
DAtjTg52kCpKrHDy8VO__RN170W1X11p4SjXEVGKh879M8qhwIAMfw==
polyfills.90a120e0ee3fd1da.js
tesla.merch.co/
33 KB
13 KB
Script
General
Full URL
https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b1f9a11385153eccb8a93ada228b62bcb97277e7cc8aacc8dfc981536e91ebd5
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://tesla.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
POJcsAupw1zwoGztAJS89TerHCR21upz
content-encoding
br
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
date
Fri, 18 Aug 2023 16:54:21 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-amz-cf-pop
FRA60-P4
age
58142
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
W/"4f6509a7679cd76b515871f59622cd95"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://tesla.merch.co
x-amz-cf-id
1_Dyns5RZ0fegMw_MoLS7NqsFlQ6rSemiS0MSuD5EB2E4b8B2ZJpEQ==
main.8f2a3edab222034c.js
tesla.merch.co/
1 MB
360 KB
Script
General
Full URL
https://tesla.merch.co/main.8f2a3edab222034c.js
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
5ed8ed5a767dcf3f2a8d69b7830bee5e4ce75b0bb391d244f8103119c516fa72
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://tesla.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
Z_.j4dwyB_8v.vxcdWPax9gfybPMX_jj
content-encoding
br
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
date
Fri, 18 Aug 2023 16:54:21 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-amz-cf-pop
FRA60-P4
age
58142
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
W/"09f81a66abbfdefdd5c72b18076201d9"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://tesla.merch.co
x-amz-cf-id
5AsMMRWcpFM5TR6EzW1QWTQ840pvTPG2-WDL5I42H98nQrzdR5_MBQ==
inter.css
tesla.merch.co/assets/fonts/inter/
435 B
2 KB
Stylesheet
General
Full URL
https://tesla.merch.co/assets/fonts/inter/inter.css
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9406b1a2f54860b463354533a32c95b3f64a5c4aac6033891af1619325932943
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
ct7xJnhIOHUQMmaS_hk0QPFHeNPAouBb
date
Fri, 18 Aug 2023 16:54:21 GMT
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
435
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
"00a7a48a0d09943edb1374ceed84d72b"
vary
Accept-Encoding, Origin
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
nz8eqnGonlNAzGbI0XAlwNFlLvIeHvoWP-6v8Xgpnf-B2IJChPBPDA==
splash-screen.css
tesla.merch.co/assets/styles/
2 KB
2 KB
Stylesheet
General
Full URL
https://tesla.merch.co/assets/styles/splash-screen.css
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4054c224e5090b864df5132d71d3268f4d493489ceb420cf1513b77bdfc2f2ca
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
sillUE5QKGbsIHtrkasZEl4DWg2XxBx0
content-encoding
br
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
date
Fri, 18 Aug 2023 16:54:21 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-amz-cf-pop
FRA60-P4
age
58141
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
W/"1d8ee3a51b9dfa22f54e21b9cc5470c0"
vary
Accept-Encoding, Origin
content-type
text/css
x-amz-cf-id
kgJqO3z21X4Ohz97L0lIuQmv60CdlyjYOMlYdxkyRy7rLM7DAU8R_Q==
styles.05358dcf5aea548c.css
tesla.merch.co/
74 KB
12 KB
Stylesheet
General
Full URL
https://tesla.merch.co/styles.05358dcf5aea548c.css
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:9600:1c:a56d:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
0b2eaee5d588e65783286cefff81feef0a2db2fda1cdcb11dfe2cd852857fcc6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id
AbfJjMqH555ErV1A0ZR_pSntznRgfi_U
content-encoding
br
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
date
Fri, 18 Aug 2023 16:54:21 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-amz-cf-pop
FRA60-P4
age
58141
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:32 GMT
server
CloudFront
etag
W/"c6f6d0fdf65cbdf68a88735c0f275dea"
vary
Accept-Encoding, Origin
content-type
text/css
x-amz-cf-id
jV5YZ6RsSuJNLG4tk8tDIgS40ndIfGzVp-e48s9pVf6gQ-lpQDuYUA==
0819307f-c5ad-4f29-9b93-e2fb93a0b97d
ekr.zdassets.com/compose/
887 B
1 KB
Fetch
General
Full URL
https://ekr.zdassets.com/compose/0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ce229f2268811166f1f9d4fdabcd59a19746fa4bb5d25ea3017c07d555bc680
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
7f7e3d488dd1fa9e-SEA, 7f7e3d488dd1fa9e-SEA
x-runtime
0.005859
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"4ce229f2268811166f1f9d4fdabcd59a"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5TkFGoi82RAghccSsDseqMYlPvNPvQCUfDBwVpXYgZN7clA4qZPTSa%2Fi9hCagyUDcuAvUdrpkwgPnVyQL87pfQqB%2Bwn5qxJmDKBadEUfz3tCVbRWcoMSaiFsLERd3jgnOU%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
7f8bada0b9a03688-FRA
one-sign-in
auth.merch.co/ Frame EE0C
3 KB
2 KB
Document
General
Full URL
https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/main.8f2a3edab222034c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
16ace237dbd5d48d7d074779f7d51f2a6af3c400da6135e141c8f1245669b587
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
57913
content-encoding
br
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
content-type
text/html
date
Fri, 18 Aug 2023 00:49:09 GMT
etag
W/"a97ec8c3382802638705ec5bc743ffe0"
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
referrer-policy
no-referrer
server
CloudFront
strict-transport-security
max-age=31536000
vary
Accept-Encoding Origin
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
x-amz-cf-id
q_-pPvsdTBdWEwetcuYYTy1g1soca28jZfxwyfRPBwgCv-13LLvZcQ==
x-amz-cf-pop
MXP63-P4
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
web-widget-main-1a67289.js
static.zdassets.com/web_widget/classic/latest/ Frame 65A9
921 KB
265 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b83b65c2f0c60454dca3a7038c109799a8e8ccffc04c27e7586f9ecc023bcb4
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
x-amz-version-id
2qyVBauxoU8.RPLzvflLKppTqPP3N.6y
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRPFEW30QPE2H9E
age
141216
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
r9mVseaofMEfcpXBYl4Had/tDTgF4qXax5OSPkgaCAsm+7xQcTOsKRV2RTDP/q1wMOzKIHPAYOo=
last-modified
Wed, 16 Aug 2023 07:34:04 GMT
server
cloudflare
etag
W/"9096c0a59eb5794727d5670e19568def"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzP%2FVvdpzOQlZVFozhJKG9seSgBVeS0QDapievSk%2BHMI7ADLxLx%2Fe8Ua3GVE0hH7HvIbvuiTh7oHlt2HBfe0CJCbPbT4rGAnWr%2BDcfCLEmMDZi3S3l7tl0R8lynRIPlIS8H%2Fvz0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8bada24bd218d9-FRA
expires
Thu, 15 Aug 2024 07:34:03 GMT
en-us-json-1a67289.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 65A9
25 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53b63be2f9ab7f75dd4702ae1f07e7bb82dbdcfb8e6df77c9f173b213c1af912
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
x-amz-version-id
V7mjEL3JWbS1eyGOwoLwxSYMB379kGQG
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRTZ8FRKM0VB587
age
141216
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
LwgFFChxrwnR+ZxGIcgzvdcVI+wRMGlGSKnro9Zu9iQBvwJtXaroai7Lwym570kKqRhHq3g3+1c=
last-modified
Wed, 16 Aug 2023 07:34:06 GMT
server
cloudflare
etag
W/"fd692493810d22ae0ff5aca283a7a202"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7iPjF4xZMHJfkPegDeUnGFEy9jaCxd5OTlEJy8VKPZRaSLdGF4fjifnkSyzBMNHeSdo8pjXUOGIdQCJfepr1tPLW3aKbUQTGmigwZwKWlyb1U%2Fys9tUZegGsXXFPvmBY57dGT0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8bada36d7e18d9-FRA
expires
Thu, 15 Aug 2024 07:34:05 GMT
config
merchhelp.zendesk.com/embeddable/ Frame 65A9
514 B
1 KB
Fetch
General
Full URL
https://merchhelp.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3423120195dbb698dc4ae0c5d21deee9a509072359dbd517ed6a44e67d097d44

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-7d6857c958-6cxpq
x-cached
MISS
x-request-id
7f8bada3dc1f1907-FRA
x-runtime
0.002538
last-modified
Tue, 15 Aug 2023 18:29:58 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iY90oYcksSwEUaTJLaMKtsOAgbWWtU%2BHiqykYFkgPSZ%2BeXWr9nU%2B8z9kLCZuOhBatvx2Mxb6B1adMhL7FVWNJ2KknyjzaR0u6yBwpFcC2rHpzt2BP5MI1szbmT%2BTA7DF4%2Bkzlv6Dhw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
7f8bada3dc1f1907-FRA
twemoji.min.js
assets.merch.co/ Frame EE0C
17 KB
4 KB
Script
General
Full URL
https://assets.merch.co/twemoji.min.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:3c00:6:4931:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a740dbcdaf3c5a7a5594d21684202c222c5a077f67e0c6cb89b76115431d0a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
content-encoding
br
via
1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
last-modified
Mon, 09 Jan 2023 16:27:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
58143
x-amz-server-side-encryption
AES256
etag
W/"e528d769d37461a1a2460653b825c742"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
pHfRrwVZUYUSoJPpjRqi8YQUMs-Riez8OxTj6HxvcqXASp_FPtF62w==
snippet.js
static.zdassets.com/ekr/ Frame EE0C
10 KB
4 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
x-amz-version-id
hKEbdq289Xo7bHrM.yPFOdJ37r5nFwfe
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
TDMX7FKV107EPGGF
age
56
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-amz-id-2
mEfdnHG+4ET9FRTmDfKIS9KIphFr6cE7h0qgEQh3SSJ2Xe72azrgYiHC2WUZuGsOGb8murwKyAaI/5BNPwNdrQ==
last-modified
Wed, 09 Aug 2023 01:01:02 GMT
server
cloudflare
etag
W/"42d94c325a0b012e41f9c3907853625a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpUxYVwohvZx066VaWbmaSeE6C3Vh0Ff%2B6pKx5FA1wHc%2BPESnOPTUtcuEK7FDZmvL%2F6nfLg2%2F6QyqsK3Ik3zQ3qlvfR1cDe2bYppdwJqQeqW5J8ZxWMpda%2FgO5PmBO2zqpmuVpg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
7f8bada51fd018d9-FRA
runtime.1a3b6c2ede099875.js
auth.merch.co/ Frame EE0C
1 KB
2 KB
Script
General
Full URL
https://auth.merch.co/runtime.1a3b6c2ede099875.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a676cd234453abe83941cd9fed7812d49fbabbfa718b8c3bd949fd9b11835989
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"3dfd2f97b69ab0db2ec1bcc5cd893de3"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
uk9YtkrlywrKK42B3tE72yViBP33fdgYOIZ1bg1uqNuQJx-7NjQ_gw==
polyfills.ada06988a220539d.js
auth.merch.co/ Frame EE0C
33 KB
13 KB
Script
General
Full URL
https://auth.merch.co/polyfills.ada06988a220539d.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
25143af45e1dba17c73009cd4796a7f2a1e54bd97012ab82ba084c7228aa3130
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"0b24754a83b0cd75027ffe79b0f51c21"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
YruxHtXnmdh-EaHM-rLNbqexM5yExsMqEWaJISrznqbBwpfokJ5hLQ==
main.d10009e0a443a1f8.js
auth.merch.co/ Frame EE0C
1 MB
307 KB
Script
General
Full URL
https://auth.merch.co/main.d10009e0a443a1f8.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6cb38387ffe6682f3ac7f29b50ec1dd5b9e29b6d2c4d796f17ac7621b73c6e7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"dbd370885b9dbbe1e58f4bf0b9909837"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
WiglSOlp41GtkNoU57_dKwlSTJAzrDY40XYR3Cu1XJTG9HjmxBdAqw==
inter.css
auth.merch.co/assets/fonts/inter/ Frame EE0C
435 B
1 KB
Stylesheet
General
Full URL
https://auth.merch.co/assets/fonts/inter/inter.css
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9406b1a2f54860b463354533a32c95b3f64a5c4aac6033891af1619325932943
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
435
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
"00a7a48a0d09943edb1374ceed84d72b"
vary
Accept-Encoding, Origin
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
P5Q-FlDS9Nk_QZ66BZ1lcF7bv_l5CI5qCcYycL2UMLzK3l1kYEejDA==
styles.b9191ed777abd6e2.css
auth.merch.co/ Frame EE0C
138 KB
17 KB
Stylesheet
General
Full URL
https://auth.merch.co/styles.b9191ed777abd6e2.css
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/one-sign-in?origin=https://tesla.merch.co/wit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
161423c96de78a43f810cb89e43dddb414faaf7d8460d41c230e33cbb3528376
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"3f821ad0369113b840377bbb62867e13"
vary
Accept-Encoding, Origin
content-type
text/css
x-amz-cf-id
D8e_GQjNCMJQSeayhZu8CsFF4p7RZ1DHZfFAUOtcIKS9BiC1AJoOGA==
0819307f-c5ad-4f29-9b93-e2fb93a0b97d
ekr.zdassets.com/compose/ Frame EE0C
887 B
825 B
Fetch
General
Full URL
https://ekr.zdassets.com/compose/0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ce229f2268811166f1f9d4fdabcd59a19746fa4bb5d25ea3017c07d555bc680
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
7f7e3d4cee17fa9e-SEA, 7f7e3d4cee17fa9e-SEA
x-runtime
0.004180
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"4ce229f2268811166f1f9d4fdabcd59a"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0T06ViikRGKxUPfKkFkU%2BmKQPh1Olt%2B1zCwmMH%2Fr1jTQobwljAQKA9kWoIxFegJf%2B6mX3NrjsAXhcH1x9TeJNooDagdZnrqoygMZ%2FoZgL8L%2F85L1JbfvhAZd95izco0S3ZY%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
7f8bada558113688-FRA
hotjar-2885937.js
static.hotjar.com/c/ Frame EE0C
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2885937.js?sv=6
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/main.d10009e0a443a1f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-53.fra56.r.cloudfront.net
Software
/
Resource Hash
1ecac465777aecfe109328420a94a704a60ea9102264776d1bdbe9e9c0bcf343
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/c5219782ee04267b15b14eeb3a77ef54
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
GPF38GG11PyX8PjK5Ev5qQdohVxr_z6RffZxPnCDQ5INKU59at4X7w==
hotjar-2881196.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2881196.js?sv=6
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/main.8f2a3edab222034c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-53.fra56.r.cloudfront.net
Software
/
Resource Hash
3a9a04bb0c1ef156e3f3734d72c0112392e63bda240008b05105c83237ea0ac5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/f3819b0a7151a0308d13691715874b35
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
2NhciTsSszt2vyRkdHojCAUYTWTcjNzdKKg2geDthT3gNhvdWSQ5sg==
layout
api.merch.co/commerce/companies/
333 B
680 B
XHR
General
Full URL
https://api.merch.co/commerce/companies/layout
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.173.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-173-66.compute-1.amazonaws.com
Software
envoy / Express
Resource Hash
60094d0e5af01612c542bd5cae09aa9e9e3397490faf7c1e0b5cf770bfb7ae48

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
server
envoy
etag
W/"14d-mvfE0eHg8MuJi1pB1ruiwJqHx5w"
x-powered-by
Express
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://tesla.merch.co
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
content-length
333
web-widget-main-1a67289.js
static.zdassets.com/web_widget/classic/latest/ Frame 0445
921 KB
265 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b83b65c2f0c60454dca3a7038c109799a8e8ccffc04c27e7586f9ecc023bcb4
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
x-amz-version-id
2qyVBauxoU8.RPLzvflLKppTqPP3N.6y
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRPFEW30QPE2H9E
age
141217
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
r9mVseaofMEfcpXBYl4Had/tDTgF4qXax5OSPkgaCAsm+7xQcTOsKRV2RTDP/q1wMOzKIHPAYOo=
last-modified
Wed, 16 Aug 2023 07:34:04 GMT
server
cloudflare
etag
W/"9096c0a59eb5794727d5670e19568def"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcnW65F3TIPKvy7opeSh%2BGTbMjmuJn5ITiYtjWJHDHbfmlBfXdeujtWjqpje3zjUNxjh4cEY0Gh8AofxvFXW4eCowkdJUjv1W0k3o4zKWB3qQxZaF%2BmX04klIT87mDh9hjdUutA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8bada6ea5918d9-FRA
expires
Thu, 15 Aug 2024 07:34:03 GMT
modules.be28aa100b6c5e9c734a.js
script.hotjar.com/
223 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.be28aa100b6c5e9c734a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2881196.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-122.fra56.r.cloudfront.net
Software
/
Resource Hash
b76eb0fb853247a10ef2d06dd156815be1d8ae1d5e6fc23db338968e133006ef
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 09:10:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
27826
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55605
last-modified
Fri, 18 Aug 2023 09:05:29 GMT
etag
"452f7cb7245126a3677ef01e073b98fc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
NUGETrGRxfofwu3YYwYfHfIeUcoGCxlowh4WoqIsw0WBhqhF5eGhxg==
modules.be28aa100b6c5e9c734a.js
script.hotjar.com/ Frame EE0C
223 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.be28aa100b6c5e9c734a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2885937.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-122.fra56.r.cloudfront.net
Software
/
Resource Hash
b76eb0fb853247a10ef2d06dd156815be1d8ae1d5e6fc23db338968e133006ef
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 09:10:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
27826
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55605
last-modified
Fri, 18 Aug 2023 09:05:29 GMT
etag
"452f7cb7245126a3677ef01e073b98fc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
QTsVAHuwFL_Xf4p2ht-Npvs8HJqJP1Ox0AQeF1cnZA9ljXvrGftgDg==
en-us-json-1a67289.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 0445
25 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53b63be2f9ab7f75dd4702ae1f07e7bb82dbdcfb8e6df77c9f173b213c1af912
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
x-amz-version-id
V7mjEL3JWbS1eyGOwoLwxSYMB379kGQG
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRTZ8FRKM0VB587
age
141217
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
LwgFFChxrwnR+ZxGIcgzvdcVI+wRMGlGSKnro9Zu9iQBvwJtXaroai7Lwym570kKqRhHq3g3+1c=
last-modified
Wed, 16 Aug 2023 07:34:06 GMT
server
cloudflare
etag
W/"fd692493810d22ae0ff5aca283a7a202"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WuhSHQbI0Ys4dDNPNOw2jr6L4V%2Fro3t9dqbhPNnCSJ4h2C1MASy81kmngRFh0z6bhjOJPl%2FYCKQOAGi4p3sWLvQhaLAWEOryRqYJ5OWNNi9zfjydfvxQkX2ZG6xQlmLELd%2FXEZU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8bada7ab3118d9-FRA
expires
Thu, 15 Aug 2024 07:34:05 GMT
config
merchhelp.zendesk.com/embeddable/ Frame 0445
514 B
600 B
Fetch
General
Full URL
https://merchhelp.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3423120195dbb698dc4ae0c5d21deee9a509072359dbd517ed6a44e67d097d44

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
0
x-zendesk-origin-server
embeddable-app-server-7d6857c958-6cxpq
x-cached
MISS
x-request-id
7f8bada3dc1f1907-FRA
x-runtime
0.002538
last-modified
Fri, 18 Aug 2023 16:54:22 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VrGDrjw%2FY6O3tt0XXfI5t%2BdrIathlG95%2Fe9FGHw6Wt9fHbWmYhSgwouHwfYpHN010BOkE3MTa3wEI%2FQgFs%2BOtJ3azko4rcetRXBc1z1rpWcLrRPLKFcQAIMIolmc2HxKo9ozyrZmNw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
7f8bada7a9ba1907-FRA
2881196
vc.hotjar.io/sessions/
0
259 B
XHR
General
Full URL
https://vc.hotjar.io/sessions/2881196?s=0.25&r=0.2220363109564083
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-19.fra56.r.cloudfront.net
Software
Python/3.8 aiohttp/3.8.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
via
1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
server
Python/3.8 aiohttp/3.8.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
lXReRDZlSN-HQIsCzHP4zx4D_O9224qupqbQT7jQFE-48nwqcnOXHQ==
storefronts
api.merch.co/commerce/
2 B
345 B
XHR
General
Full URL
https://api.merch.co/commerce/storefronts
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.173.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-173-66.compute-1.amazonaws.com
Software
envoy / Express
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
server
envoy
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-powered-by
Express
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://tesla.merch.co
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
content-length
2
sign-out
auth.merch.co/
0
0

layout
api.merch.co/commerce/companies/
333 B
679 B
XHR
General
Full URL
https://api.merch.co/commerce/companies/layout
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.173.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-173-66.compute-1.amazonaws.com
Software
envoy / Express
Resource Hash
60094d0e5af01612c542bd5cae09aa9e9e3397490faf7c1e0b5cf770bfb7ae48

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
server
envoy
etag
W/"14d-mvfE0eHg8MuJi1pB1ruiwJqHx5w"
x-powered-by
Express
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://tesla.merch.co
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
content-length
333
/
o1067284.ingest.sentry.io/api/6289204/envelope/ Frame EE0C
41 B
373 B
Fetch
General
Full URL
https://o1067284.ingest.sentry.io/api/6289204/envelope/?sentry_key=acade202e7fe4a9188e91ae061e56d7e&sentry_version=7&sentry_client=sentry.javascript.angular%2F7.50.0
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/polyfills.ada06988a220539d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9fe9794fd4d835e2281ade68170e17ae12a1da4413fcf721091e066574028f36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://auth.merch.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
storefronts
api.merch.co/commerce/
2 B
345 B
XHR
General
Full URL
https://api.merch.co/commerce/storefronts
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/polyfills.90a120e0ee3fd1da.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.173.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-173-66.compute-1.amazonaws.com
Software
envoy / Express
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
server
envoy
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-powered-by
Express
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://tesla.merch.co
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
content-length
2
Primary Request /
auth.merch.co/
3 KB
2 KB
Document
General
Full URL
https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Requested by
Host: tesla.merch.co
URL: https://tesla.merch.co/main.8f2a3edab222034c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
16ace237dbd5d48d7d074779f7d51f2a6af3c400da6135e141c8f1245669b587
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
57914
content-encoding
br
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
content-type
text/html
date
Fri, 18 Aug 2023 00:49:09 GMT
etag
W/"a97ec8c3382802638705ec5bc743ffe0"
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
referrer-policy
no-referrer
server
CloudFront
strict-transport-security
max-age=31536000
vary
Accept-Encoding Origin
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
x-amz-cf-id
OwIsaxCxCDy337hIJ3BsZdJVms6YrzTpefFfjRHobK7YhPi_wGjMVg==
x-amz-cf-pop
MXP63-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
o1067284.ingest.sentry.io/api/6289204/envelope/
0
0

twemoji.min.js
assets.merch.co/
17 KB
4 KB
Script
General
Full URL
https://assets.merch.co/twemoji.min.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:3c00:6:4931:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a740dbcdaf3c5a7a5594d21684202c222c5a077f67e0c6cb89b76115431d0a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:21 GMT
content-encoding
br
via
1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
last-modified
Mon, 09 Jan 2023 16:27:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
58144
x-amz-server-side-encryption
AES256
etag
W/"e528d769d37461a1a2460653b825c742"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
bhSndAwazUOJnu7fOIXMZkOANbprYjoZcYPvrxezUrFEA2EIYwdTew==
snippet.js
static.zdassets.com/ekr/
10 KB
5 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
x-amz-version-id
hKEbdq289Xo7bHrM.yPFOdJ37r5nFwfe
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
TDMX7FKV107EPGGF
age
57
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-amz-id-2
mEfdnHG+4ET9FRTmDfKIS9KIphFr6cE7h0qgEQh3SSJ2Xe72azrgYiHC2WUZuGsOGb8murwKyAaI/5BNPwNdrQ==
last-modified
Wed, 09 Aug 2023 01:01:02 GMT
server
cloudflare
etag
W/"42d94c325a0b012e41f9c3907853625a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BJ%2Bsw8CNus%2FuW55kqBX0Gwb21UrrF3qmGtI%2FAGZfSKuHlapo0Rt0V1GawVFk04vojfStZJ0EPrksCC0Iwm6JFPjix3eL4SwCVBDM%2BMCQkPjw8Apt8AD6ZYJMflDOXEBySx6RyM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
7f8badaebd6418d9-FRA
runtime.1a3b6c2ede099875.js
auth.merch.co/
1 KB
2 KB
Script
General
Full URL
https://auth.merch.co/runtime.1a3b6c2ede099875.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a676cd234453abe83941cd9fed7812d49fbabbfa718b8c3bd949fd9b11835989
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"3dfd2f97b69ab0db2ec1bcc5cd893de3"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
GTiOi46aGH4p5IYO0kMj9a4Gn0GpcBGIbqBxmnp14J3S8_LnH5AiCQ==
polyfills.ada06988a220539d.js
auth.merch.co/
33 KB
13 KB
Script
General
Full URL
https://auth.merch.co/polyfills.ada06988a220539d.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
25143af45e1dba17c73009cd4796a7f2a1e54bd97012ab82ba084c7228aa3130
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"0b24754a83b0cd75027ffe79b0f51c21"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
xRboqcuNhllhc28MQWk4w_kxHuY4c61AMJ2tF7T2XCorIaxkX6eF8g==
main.d10009e0a443a1f8.js
auth.merch.co/
1 MB
307 KB
Script
General
Full URL
https://auth.merch.co/main.d10009e0a443a1f8.js
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6cb38387ffe6682f3ac7f29b50ec1dd5b9e29b6d2c4d796f17ac7621b73c6e7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"dbd370885b9dbbe1e58f4bf0b9909837"
vary
Accept-Encoding, Origin
content-type
text/javascript
access-control-allow-origin
https://auth.merch.co
x-amz-cf-id
pAvqpNM97VJreMbElTLaiYViXO_aYj3fPE8ih2kg6zw2Q0JrKgkZ9A==
inter.css
auth.merch.co/assets/fonts/inter/
435 B
1 KB
Stylesheet
General
Full URL
https://auth.merch.co/assets/fonts/inter/inter.css
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9406b1a2f54860b463354533a32c95b3f64a5c4aac6033891af1619325932943
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
435
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
"00a7a48a0d09943edb1374ceed84d72b"
vary
Accept-Encoding, Origin
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
HMWBAD1Mc-Oo1dNJqCQW6MqOpLqQMVFEx_cSKV2Zdb4bJ54nH5V-FQ==
styles.b9191ed777abd6e2.css
auth.merch.co/
138 KB
17 KB
Stylesheet
General
Full URL
https://auth.merch.co/styles.b9191ed777abd6e2.css
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/?redirectURL=https%3A%2F%2Ftesla.merch.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
161423c96de78a43f810cb89e43dddb414faaf7d8460d41c230e33cbb3528376
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:22 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58142
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"3f821ad0369113b840377bbb62867e13"
vary
Accept-Encoding, Origin
content-type
text/css
x-amz-cf-id
xfHkNJjozvTuIo5QgUnIyUR12PL_Omz6PiPXTBYS5XtCyRIUCi1YOw==
0819307f-c5ad-4f29-9b93-e2fb93a0b97d
ekr.zdassets.com/compose/
887 B
811 B
Fetch
General
Full URL
https://ekr.zdassets.com/compose/0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ce229f2268811166f1f9d4fdabcd59a19746fa4bb5d25ea3017c07d555bc680
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
age
1
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
7f7e3d4cee17fa9e-SEA, 7f7e3d4cee17fa9e-SEA
x-runtime
0.004180
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"4ce229f2268811166f1f9d4fdabcd59a"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FyYkT00rcRshU1VGoQnhUXVJ%2BoKRp%2BxSYzDHrOqjmUdsIM4u3r1v47KGMNKSYNJmq3GjwXPLQFsY4UiHKkB3H%2FExAHj%2FRYy2XQ%2FVnJBdBFNXaqDpqMUQ1XDxDXUKXU8CuDA%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
7f8badaefc4d3688-FRA
Inter-roman.var.woff2
auth.merch.co/assets/fonts/inter/
222 KB
224 KB
Font
General
Full URL
https://auth.merch.co/assets/fonts/inter/Inter-roman.var.woff2?v=3.18
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/assets/fonts/inter/inter.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
d2d2d11234d0d74c0ed3e9727ef07ac8422cbd5b356296b0f87f679c9f74ce83
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://auth.merch.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:23 GMT
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58141
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
227688
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
"6718c2681ffa562474407218ac0b08ae"
vary
Accept-Encoding, Origin
content-type
font/woff2
access-control-allow-origin
https://auth.merch.co
accept-ranges
bytes
x-amz-cf-id
CeyG0NxBZ1_mePbc7Mj6pBxfmQstUlkRrIFA-4KMz2r6p6rias5Pgg==
web-widget-main-1a67289.js
static.zdassets.com/web_widget/classic/latest/ Frame 65B5
921 KB
265 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0819307f-c5ad-4f29-9b93-e2fb93a0b97d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b83b65c2f0c60454dca3a7038c109799a8e8ccffc04c27e7586f9ecc023bcb4
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
x-amz-version-id
2qyVBauxoU8.RPLzvflLKppTqPP3N.6y
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRPFEW30QPE2H9E
age
141218
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
r9mVseaofMEfcpXBYl4Had/tDTgF4qXax5OSPkgaCAsm+7xQcTOsKRV2RTDP/q1wMOzKIHPAYOo=
last-modified
Wed, 16 Aug 2023 07:34:04 GMT
server
cloudflare
etag
W/"9096c0a59eb5794727d5670e19568def"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVWvVRZFsnXu2R4gwkbsQY5jUkBKNPJr1jWuHCWZy3gRuIfxAOFUbr7aMMNiGG5PyMFzSmFqhe9N7U7Xzj1Bqdou2dRWnGV26djt7gvL4w1kErm%2BN0WR85gVZGnFbnugwPCfiNw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8badaf2e0e18d9-FRA
expires
Thu, 15 Aug 2024 07:34:03 GMT
hotjar-2885937.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2885937.js?sv=6
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/main.d10009e0a443a1f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-53.fra56.r.cloudfront.net
Software
/
Resource Hash
1ecac465777aecfe109328420a94a704a60ea9102264776d1bdbe9e9c0bcf343
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:22 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
1
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/c5219782ee04267b15b14eeb3a77ef54
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
x-amz-cf-id
6dDSPTPLvrG1dfEQ1g216ZvZtueXejbmkhxl3dPfLQ5SASaQ1RY4ZQ==
layout
api.merch.co/auth/
194 B
538 B
XHR
General
Full URL
https://api.merch.co/auth/layout?url=https://tesla.merch.co/
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/polyfills.ada06988a220539d.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.173.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-173-66.compute-1.amazonaws.com
Software
envoy / Express
Resource Hash
b653b5324b96a9f420b1707a19fe2c22a48c0b7882e64e19ac2fe4ab1180f099

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:23 GMT
server
envoy
etag
W/"c2-HEkYbAv9tFiuOV0iS3/bqsPtrno"
x-powered-by
Express
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.merch.co
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
content-length
194
modules.be28aa100b6c5e9c734a.js
script.hotjar.com/
223 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.be28aa100b6c5e9c734a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2885937.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-122.fra56.r.cloudfront.net
Software
/
Resource Hash
b76eb0fb853247a10ef2d06dd156815be1d8ae1d5e6fc23db338968e133006ef
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 09:10:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
27827
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55605
last-modified
Fri, 18 Aug 2023 09:05:29 GMT
etag
"452f7cb7245126a3677ef01e073b98fc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
riAwhTIPEC91AAhjfuokuYxWc_Wa0ZucBfiUnPUyeg59kY1vyCimNw==
en-us-json-1a67289.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 65B5
25 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-1a67289.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53b63be2f9ab7f75dd4702ae1f07e7bb82dbdcfb8e6df77c9f173b213c1af912
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:24 GMT
x-amz-version-id
V7mjEL3JWbS1eyGOwoLwxSYMB379kGQG
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ARRTZ8FRKM0VB587
age
141219
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
LwgFFChxrwnR+ZxGIcgzvdcVI+wRMGlGSKnro9Zu9iQBvwJtXaroai7Lwym570kKqRhHq3g3+1c=
last-modified
Wed, 16 Aug 2023 07:34:06 GMT
server
cloudflare
etag
W/"fd692493810d22ae0ff5aca283a7a202"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVR8RsxDpaj%2FsL%2FMKXbL4tjIGy44N5Zp8NrGIkhMelsLk49wT%2BAk1wv6v5WZLWqfHijvAau5pWv0Em3xGJJCET8JU8FwF3JPSukNMexobQvPlTj2jgbAtAoWnzyaMUPdkWybIRs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7f8badafff0118d9-FRA
expires
Thu, 15 Aug 2024 07:34:05 GMT
config
merchhelp.zendesk.com/embeddable/ Frame 65B5
514 B
695 B
Fetch
General
Full URL
https://merchhelp.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1a67289.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3423120195dbb698dc4ae0c5d21deee9a509072359dbd517ed6a44e67d097d44

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:24 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2
x-zendesk-origin-server
embeddable-app-server-7d6857c958-6cxpq
x-cached
MISS
x-request-id
7f8bada3dc1f1907-FRA
x-runtime
0.002538
last-modified
Fri, 18 Aug 2023 16:54:22 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1GNsN256lpG7r0Bq8S24b1O08FpUqG%2Fkslw9nSk5WRxy4%2BRonefYaDzbgiXjV2KWUYEYJiZSN%2B1%2B6RZJxU1GZ4lxbLLy7n%2FvZVrpfXVqI7R0z2o%2BZsIEjAPKtp4up2U6RzvX8qf9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
7f8badaffda11907-FRA
heroicons-outline.svg
auth.merch.co/assets/icons/
0
0

heroicons-outline.svg
auth.merch.co/assets/icons/
143 KB
26 KB
XHR
General
Full URL
https://auth.merch.co/assets/icons/heroicons-outline.svg
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/polyfills.ada06988a220539d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2249:5600:15:b275:8c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8d5ace53592d08c15301f96f66ae151a9fac9b01333a7a372b9ca6027c1804fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 00:45:26 GMT
content-encoding
br
via
1.1 0e5b4e70ed9a0ae5ed4d6c1eae368c7c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MXP63-P4
age
58139
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 16 Aug 2023 13:57:27 GMT
server
CloudFront
etag
W/"cf90ee7b0eb83144cbca4dc0bc3c9a65"
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-amz-cf-id
_1GQaZp6P5JcWvD3rqJ8bY2Ym0v3W177Q-YVNh8Cb5qNnxQrmjTIvQ==
f2df465c-0029-493e-9db7-e3faaea343b1.png
assets.merch.co/
47 KB
48 KB
Image
General
Full URL
https://assets.merch.co/f2df465c-0029-493e-9db7-e3faaea343b1.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:3c00:6:4931:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c9beb4f1eface6362671e13373060e5c9e766e8cc15939aaed3d78b30421c853

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 16:54:24 GMT
content-encoding
base64
via
1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
last-modified
Tue, 12 Jul 2022 14:00:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
58139
etag
"5685416d205acbf6ec7d3d840b9538fb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
48298
x-amz-cf-id
SsO4EKwUrZ2mwhPkeyDEm6ugP8eiGuNFN4wBwuxOqzFndxP-Dgcc-A==
/
o1067284.ingest.sentry.io/api/6289204/envelope/
41 B
60 B
Fetch
General
Full URL
https://o1067284.ingest.sentry.io/api/6289204/envelope/?sentry_key=acade202e7fe4a9188e91ae061e56d7e&sentry_version=7&sentry_client=sentry.javascript.angular%2F7.50.0
Requested by
Host: auth.merch.co
URL: https://auth.merch.co/polyfills.ada06988a220539d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b02003316de2614cae460f2eccceda7ac896d8ab9216f9815f898386a4b36428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://auth.merch.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 18 Aug 2023 16:54:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
auth.merch.co
URL
https://auth.merch.co/sign-out?redirectURL=https%3A%2F%2Ftesla.merch.co%2Fwit&forceLogin=true
Domain
o1067284.ingest.sentry.io
URL
https://o1067284.ingest.sentry.io/api/6289204/envelope/?sentry_key=acade202e7fe4a9188e91ae061e56d7e&sentry_version=7&sentry_client=sentry.javascript.angular%2F7.50.0
Domain
auth.merch.co
URL
https://auth.merch.co/assets/icons/heroicons-outline.svg

Verdicts & Comments

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


8 Cookies

Domain/Path Name / Value
.merch.co/ Name: _hjSessionUser_2881196
Value: eyJpZCI6IjU2YzVlZWMwLTM4YjgtNTZkNC04NWM3LWI5ZWNkNTg1YTJjZCIsImNyZWF0ZWQiOjE2OTIzNzc2NjI3MTgsImV4aXN0aW5nIjpmYWxzZX0=
.merch.co/ Name: _hjFirstSeen
Value: 1
.merch.co/ Name: _hjIncludedInSessionSample_2881196
Value: 0
.merch.co/ Name: _hjSession_2881196
Value: eyJpZCI6IjFjMDBmYWIwLTg4ZjAtNDUzYS1hODI3LTMzMWE4MjVmMzc5OSIsImNyZWF0ZWQiOjE2OTIzNzc2NjI3MjcsImluU2FtcGxlIjpmYWxzZX0=
.merch.co/ Name: _hjAbsoluteSessionInProgress
Value: 1
.merch.co/ Name: _hjIncludedInSessionSample_2885937
Value: 0
.merch.co/ Name: _hjSession_2885937
Value: eyJpZCI6ImQ2N2JiMjc2LTBlYTYtNDAzNC1hZDE5LThjNzllYzJkOTk5NSIsImNyZWF0ZWQiOjE2OTIzNzc2NjI3NDAsImluU2FtcGxlIjpmYWxzZX0=
.merch.co/ Name: _hjSessionUser_2885937
Value: eyJpZCI6IjQ5OGEwNDFjLWYwZmItNTk4MS04MmRkLTAwYzRiYzA3M2VhOSIsImNyZWF0ZWQiOjE2OTIzNzc2NjI3MzgsImV4aXN0aW5nIjp0cnVlfQ==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net; style-src 'self' *.merch.co twemoji.maxcdn.com *.stripe.com *.zdassets.com *.zendesk.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.hotjar.com fonts.gstatic.com *.zdassets.com *.stripe.com *.zendesk.com; img-src 'self' blob: data: https: *.zdassets.com *.zendesk.com *.stripe.com; frame-ancestors *.printful.com *.merch.co; worker-src 'self' 'unsafe-inline' *.printful.com; script-src 'self' 'self' 'unsafe-inline' ws: *.hotjar.io *.hotjar.com *.printful.com *.sentry.io *.stripe.com *.merch.co *.zdassets.com *.zendesk.com twemoji.maxcdn.com blob: *.algolianet.com *.algolia.net;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
