Submitted URL: https://pvc7kqsl.r.us-east-1.awstrack.me/L0/https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsAD...
Effective URL: https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&re...
Submission: On December 16 via api from PT — Scanned from US

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 44 HTTP transactions. The main IP is 2606:4700::6811:b062, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.gumroad.com. The Cisco Umbrella rank of the primary domain is 171990.
TLS certificate: Issued by E5 on December 14th 2024. Valid for: 3 months.
This is the only time app.gumroad.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.210.92.218 14618 (AMAZON-AES)
1 1 104.21.80.1 13335 (CLOUDFLAR...)
1 21 104.17.176.98 13335 (CLOUDFLAR...)
2 3 2606:4700::68... 13335 (CLOUDFLAR...)
4 104.18.243.99 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 142.251.40.228 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 151.101.64.176 54113 (FASTLY)
2 31.13.80.12 32934 (FACEBOOK)
6 52.85.61.77 16509 (AMAZON-02)
1 31.13.80.36 32934 (FACEBOOK)
1 2607:f8b0:400... 15169 (GOOGLE)
44 13
Apex Domain
Subdomains
Transfer
28 gumroad.com
gumroad.com — Cisco Umbrella Rank: 76487
app.gumroad.com — Cisco Umbrella Rank: 171990
fullstack.gumroad.com
assets.gumroad.com — Cisco Umbrella Rank: 132957
public-files.gumroad.com — Cisco Umbrella Rank: 157708
2 MB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1073
166 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 3
1001 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
75 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
148 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
1 gstatic.com
www.gstatic.com
216 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 617
7 KB
1 fullstack.io
sendy.fullstack.io
549 B
1 awstrack.me
pvc7kqsl.r.us-east-1.awstrack.me
211 B
44 11
Domain Requested by
12 assets.gumroad.com app.gumroad.com
assets.gumroad.com
7 public-files.gumroad.com
7 js.stripe.com assets.gumroad.com
js.stripe.com
7 app.gumroad.com 1 redirects app.gumroad.com
assets.gumroad.com
static.cloudflareinsights.com
3 www.google.com app.gumroad.com
www.gstatic.com
2 connect.facebook.net assets.gumroad.com
connect.facebook.net
2 www.googletagmanager.com assets.gumroad.com
www.googletagmanager.com
1 www.google-analytics.com www.googletagmanager.com
1 www.facebook.com connect.facebook.net
1 www.gstatic.com www.google.com
1 static.cloudflareinsights.com app.gumroad.com
1 fullstack.gumroad.com 1 redirects
1 gumroad.com 1 redirects
1 sendy.fullstack.io 1 redirects
1 pvc7kqsl.r.us-east-1.awstrack.me 1 redirects
44 15

This site contains links to these domains. Also see Links.

Domain
gumroad.com
fullstack.gumroad.com
Subject Issuer Validity Valid
gumroad.com
E5
2024-12-14 -
2025-03-14
3 months crt.sh
cloudflareinsights.com
WE1
2024-11-01 -
2025-01-30
3 months crt.sh
*.google.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
*.gstatic.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
*.google-analytics.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-12-12 -
2025-04-10
4 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-09-24 -
2024-12-23
3 months crt.sh

This page contains 9 frames:

Primary Page: https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
Frame ID: E65E181FD715A675B14753966448080A
Requests: 39 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdEheQUAAAAAINzKrEKlLA9RCYb_17LVAl9LCdy&co=aHR0cHM6Ly9hcHAuZ3Vtcm9hZC5jb206NDQz&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=54jbv32f7fa9
Frame ID: 1BB74551A99A52E09D10601D8E6CA892
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-5276f765afdc5378dd4b3de1c994ccd3.html
Frame ID: 177C1BEB93D87DEB38E9346D3B61C785
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-297654697a16ede0041bbaa12fa590c6.html
Frame ID: 4F981955EC04E30B590F7198B67ED208
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-cb1d8c1c01606a7ad1b9e3a8f8e5044e.html
Frame ID: 2A399AB35242C536E471327BF82A4720
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-e6bb1d07737ec8f171786f381f4d7846.html
Frame ID: B2BC21B229A8605AB9D50BF26C8C30C2
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/link-modal-inner-aef0d4b64ce6c2758bdb59bb5ce5a4cb.html
Frame ID: 09A02CC3E449BA739C1BAB60625823EF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6LdEheQUAAAAAINzKrEKlLA9RCYb_17LVAl9LCdy
Frame ID: 96B44E01AEB6D274B9F044764E1BACD1
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-b0b185c2af213531b80be390cd58d159.html
Frame ID: B9B22BD11C727BCA45DB432EEC91CBBF
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Gumroad

Page URL History Show full URLs

  1. https://pvc7kqsl.r.us-east-1.awstrack.me/L0/https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8d... HTTP 302
    https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsADihIw HTTP 302
    https://gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campai... HTTP 301
    https://app.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campai... HTTP 301
    https://fullstack.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campai... HTTP 302
    https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

44
Requests

98 %
HTTPS

36 %
IPv6

11
Domains

15
Subdomains

13
IPs

3
Countries

2403 kB
Transfer

5375 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://pvc7kqsl.r.us-east-1.awstrack.me/L0/https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsADihIw/1/01000193caaf4f3a-afbba584-0d34-46f0-b4b8-63b67b6798a1-000000/pHJYwUH1sxJw5ZoAW-JoCQPaX7Y=404 HTTP 302
    https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsADihIw HTTP 302
    https://gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5 HTTP 301
    https://app.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5 HTTP 301
    https://fullstack.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5 HTTP 302
    https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request checkout
app.gumroad.com/
Redirect Chain
  • https://pvc7kqsl.r.us-east-1.awstrack.me/L0/https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsADihIw/1/01000193caaf4f3a-afbba584-0d34-46f0-b4b8-63b67b6798a1...
  • https://sendy.fullstack.io/l/d0dblLcbD1Dtea2uK2WW7w/j7wYcyi1iBHorXsBonW8dA/p4URVgdbNxp8bgMsADihIw
  • https://gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5
  • https://app.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5
  • https://fullstack.gumroad.com/l/ngbook-two-full?wanted=true&utm_source=newline&utm_medium=email&utm_campaign=ngb_pitch_20200211&utm_content=l5
  • https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_...
13 KB
8 KB
Document
General
Full URL
https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b062 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6faaebe24657c56a1bb634619ec985ee276d8b1be178ecd8d9937420f608015c
Security Headers
Name Value
Content-Security-Policy default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com 'nonce-MsLxlbWQlqAm/gbivk/q/IAKil/F8orrplKU/DULZUA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f2ac7c38f6ca4e0-MIA
content-encoding
br
content-security-policy
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com 'nonce-MsLxlbWQlqAm/gbivk/q/IAKil/F8orrplKU/DULZUA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:08:06 GMT
link
<https://assets.gumroad.com/packs/css/4977-0be3abc7.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://assets.gumroad.com/packs/css/design-a394da1f.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js>; rel=preload; as=script; nopush
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
strict-transport-security
max-age=31536000
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-gr
PROD
x-permitted-cross-domain-policies
none
x-request-id
bf33add2-7f22-486d-9ae8-9b3029a115af
x-revision
060b7317a15d
x-runtime
0.035188
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8f2ac7c29de7a4e0-MIA
content-security-policy
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:08:06 GMT
location
https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-gr
PROD
x-permitted-cross-domain-policies
none
x-request-id
066b7d75-6b01-4e79-a3c9-61a29597d790
x-revision
060b7317a15d
x-runtime
0.050465
x-xss-protection
1; mode=block
4977-0be3abc7.css
assets.gumroad.com/packs/css/
39 KB
7 KB
Stylesheet
General
Full URL
https://assets.gumroad.com/packs/css/4977-0be3abc7.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.243.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df6f5f2656da39e29ff5e0a4c21ae98fd3683a860033dda09f1d44d81a01778c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://app.gumroad.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag, Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"892f2257a055b78d6fb9e942136b76a9"
age
100655
access-control-allow-methods
GET
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
tWIB0hRT0I6mMHRUFd5WyDk84D8FHujg3p2jV5tCpgcATP1OtpoyPA==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
text/css
last-modified
Sat, 14 Dec 2024 20:44:53 GMT
vary
Origin, Accept-Encoding
priority
u=0,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 00980881c14af16ba44a5b402a52c1fc.cloudfront.net (CloudFront)
cf-ray
8f2ac7c4dfbfda1f-MIA
access-control-allow-origin
*
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
design-a394da1f.css
assets.gumroad.com/packs/css/
262 KB
59 KB
Stylesheet
General
Full URL
https://assets.gumroad.com/packs/css/design-a394da1f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.243.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b6599954ca4fcbf1bf67631d857b5d618df0968b69233a6e3037e03febf441c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://app.gumroad.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag, Accept-Ranges, Content-Encoding, Content-Length, Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"7b8d04b5a0b00c0774a06b9b3a55d2c6"
age
446312
access-control-allow-methods
GET
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
pT1VJTCj7eFBzuem0W5Ne9w_ERaINewQ4tFzKXVjzNfz8lXIvRiFmg==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
text/css
last-modified
Tue, 10 Dec 2024 20:43:46 GMT
vary
Origin, Accept-Encoding
priority
u=0,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 cf27d6b2e9dabf97f8e3a42968a23856.cloudfront.net (CloudFront)
cf-ray
8f2ac7c4dfbeda1f-MIA
access-control-allow-origin
*
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js
assets.gumroad.com/assets/
106 KB
38 KB
Script
General
Full URL
https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f649f09785ce519f13a7276843df4bb718e27d17d5f8477e5eecdaa9135c1b11

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"3a0bda30ac6db6c82afddd80c7aec986"
age
1099285
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
YP0rBe02zOSRVc53S4BOFsv_lzpZsk5QYpRh6iFXVycYuq7ICnfazw==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Thu, 31 Oct 2024 21:35:53 GMT
vary
Accept-Encoding
priority
u=1,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 773f6821b053a13ecc63d604feb07cb4.cloudfront.net (CloudFront)
cf-ray
8f2ac7c49b485c6f-MIA
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
rocket-loader.min.js
app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true

Response headers

cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"675318bd-302c"
x-content-type-options
nosniff
cf-ray
8f2ac7c4bc7d2281-MIA
expires
Wed, 18 Dec 2024 01:08:06 GMT
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Fri, 06 Dec 2024 15:31:09 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://app.gumroad.com/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8f2ac7c52fe07bf9-MIA
access-control-allow-origin
*
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
checkout-ba07e789ad64421c57b8.js
assets.gumroad.com/packs/js/
323 B
668 B
Script
General
Full URL
https://assets.gumroad.com/packs/js/checkout-ba07e789ad64421c57b8.js
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ee9a64b382c579c9880abbba138c213166acc6f33d239232a35fae4e0ae7c3e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"50aa9890d01dbd586099e7fa6a0a2fd2"
age
3585217
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
7zPg2qAYF7tZIDrtJVhG91h2tRDPEqjij1_DfUq8l9vxY0HxCOKR1Q==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Tue, 22 Oct 2024 16:10:50 GMT
vary
Accept-Encoding
priority
u=1,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 7686ec44f6fa46e832c73ad9c040ca32.cloudfront.net (CloudFront)
cf-ray
8f2ac7c5bce95c6f-MIA
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
8611-0c8bddab761016b4b6fa.js
assets.gumroad.com/packs/js/
61 KB
15 KB
Script
General
Full URL
https://assets.gumroad.com/packs/js/8611-0c8bddab761016b4b6fa.js
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7fd5e185c7416915164c6fe596c33c46779af90c4691a7897bc9292d5dfce76

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"077b9310f80c97fcc2f8fcfef95bd974"
age
1972
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
TMdBAryKLWEto1mXZyuKnwEnIbBvmTn56fpc2u5Jebqhntimpf-a-w==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Mon, 16 Dec 2024 00:10:58 GMT
vary
Accept-Encoding
priority
u=1,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 7ebf86def0385a427d4375fd043f4f94.cloudfront.net (CloudFront)
cf-ray
8f2ac7c5bcec5c6f-MIA
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
webpack-commons-37b4edea8b7158282bc7.js
assets.gumroad.com/packs/js/
0
0

webpack-runtime-cff610a8f9e7696a32ce.js
assets.gumroad.com/packs/js/
3 KB
2 KB
Script
General
Full URL
https://assets.gumroad.com/packs/js/webpack-runtime-cff610a8f9e7696a32ce.js
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4005a4a7adc1337dd0a4f7bb1705f7b285f84747cc71206c196b852f85c55f74

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5c741fc51dca22e29857e458cbbfc53c"
age
446311
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
YYC1mdsiGDpUGMFuMPZBs59-0IHG7zHGPqqC7JGtSngf_tBNs8SY6g==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Tue, 10 Dec 2024 20:46:42 GMT
vary
Accept-Encoding
priority
u=1,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 60e55687f4f0ad988a569a499b543a0e.cloudfront.net (CloudFront)
cf-ray
8f2ac7c5bcf05c6f-MIA
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
enterprise.js
www.google.com/recaptcha/
1 KB
1001 B
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?render=explicit
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.228 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f4.1e100.net
Software
ESF /
Resource Hash
4d1b30595c8b50ec931aea5fbb97918c82604cbd27ef299d58d89eca85b6d423
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 16 Dec 2024 01:08:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 16 Dec 2024 01:08:06 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png
assets.gumroad.com/assets/
1 KB
2 KB
Other
General
Full URL
https://assets.gumroad.com/assets/pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b432856fdc60a4e677ad282e524cb12dc4bdf90db4334e5857073de41c827d98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"2c68031a95dd62671f631107705ac884"
age
1459318
cf-cache-status
HIT
expires
Tue, 16 Dec 2025 01:08:06 GMT
cf-polished
origFmt=png, origSize=1491
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
kFfoo6QPUmfQJ7eKdoVUBsJnaxOkf8iRUykRQWZ1yzLx6PppxoRnAA==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
image/webp
content-disposition
inline; filename="pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.webp"
vary
Accept
last-modified
Thu, 10 Oct 2024 15:27:55 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 15db3cca810568aab246ba24fafd371a.cloudfront.net (CloudFront)
cf-ray
8f2ac7c5cd0f5c6f-MIA
accept-ranges
bytes
content-length
1048
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
recaptcha__en.js
www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/
547 KB
216 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://app.gumroad.com/

Response headers

content-encoding
gzip
age
105730
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Sun, 14 Dec 2025 19:45:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 14 Dec 2024 19:45:57 GMT
last-modified
Mon, 11 Nov 2024 05:00:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220753
x-xss-protection
0
server
sffe
webpack-commons-37b4edea8b7158282bc7.js
assets.gumroad.com/packs/js/
2 MB
566 KB
Script
General
Full URL
https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Requested by
Host: app.gumroad.com
URL: https://app.gumroad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4963b11885de84dc80d621f86237fef35e110cfabc8ce96335487c2e16ac047

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"fb7b11457b88226a10e180cf735d5bc9"
age
1982
expires
Tue, 16 Dec 2025 01:08:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
MfJVCeDXTHpCvJT-_eduqYnyGBFYMeF6iCMoq2N8MobwzSdvIx0y3A==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
application/javascript
last-modified
Mon, 16 Dec 2024 00:13:13 GMT
vary
Accept-Encoding
priority
u=3,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 3c65c8de2d2443b1201cd33d859d8db0.cloudfront.net (CloudFront)
cf-ray
8f2ac7c70f0d5c6f-MIA
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
138 KB
53 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
16669ddda8f925f37c9a6c9a5fed1d06e4e288702c612ad28b074ef20b3ee57a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 16 Dec 2024 01:08:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 16 Dec 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
53536
x-xss-protection
0
server
Google Tag Manager
v3
js.stripe.com/
692 KB
166 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
bde6d5fb61a996e7934ade68f22c8f9b1d8576f6fef15cc93f625f6b762241b1
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

x-request-id
3713a6d5-ce0e-4bbb-8d7c-f176ce508433
content-encoding
br
etag
"3e9e610d0a0384c7524e78304f48af93"
age
15
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 16 Dec 2024 01:08:07 GMT
last-modified
Fri, 13 Dec 2024 21:45:35 GMT
content-type
text/javascript; charset=utf-8
x-served-by
cache-mia-kmia1760030-MIA
x-cache-hits
10
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
168989
server
Fastly
bdd9bd6d88896bf1d116.woff2
assets.gumroad.com/packs/static/
32 KB
32 KB
Font
General
Full URL
https://assets.gumroad.com/packs/static/bdd9bd6d88896bf1d116.woff2
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/css/design-a394da1f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.243.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bae54329217082cbe6014e951e2ec57403bf7277b4dbd0989af50b9454aba0b9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://assets.gumroad.com/packs/css/design-a394da1f.css

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag, Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cf-cache-status
HIT
etag
"9786cb1547c85dab57191665c33613c3"
age
1535194
access-control-allow-methods
GET
expires
Tue, 16 Dec 2025 01:08:07 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
wHQqLg2HUgaOhpbUVPImhMtkvmCkpync7O2VK-YMdbm06xNE9BqBNg==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
binary/octet-stream
last-modified
Fri, 15 Nov 2024 05:29:25 GMT
vary
Origin, Accept-Encoding
priority
u=0,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 3c07393070825e432329283f07a9d994.cloudfront.net (CloudFront)
cf-ray
8f2ac7c88cf2da1f-MIA
accept-ranges
bytes
access-control-allow-origin
*
content-length
32428
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-yyz1.fbcdn.net
Software
/
Resource Hash
5206b063a33382ab0b387909b601ef85f9b3f5c4e1efad74fdd47338225c78bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-md5
OjCpv9R9KPtl9ew+eqeZFg==
access-control-expose-headers
X-FB-Content-MD5
content-encoding
gzip
etag
"1229b99483e43d0ea71d5d191ee4ccbc"
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Mon, 16 Dec 2024 01:25:15 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5
8ec635c9c5f5ac1fa7f94a58692a752b
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
GOOD; q=0.7, rtt=65, rtx=0, c=23, mss=1232, tbw=4469, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug
4D3vjR8fg/KXlB2KdxHABDdJBj9VCXDL8TYHKSuYGYct7iXjaltdjI88vgByk/uYaeVV+4R+DGsC0cgt7tE+bw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
1688
origin-agent-cluster
?1
b47cbdb8030bef7eda53.png
assets.gumroad.com/packs/static/
26 KB
26 KB
Image
General
Full URL
https://assets.gumroad.com/packs/static/b47cbdb8030bef7eda53.png
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/css/design-a394da1f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ef3ea5bbf01d5f22e0284f19366a8049a81245a49b3d2ea64216a753ee3768b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://assets.gumroad.com/packs/css/design-a394da1f.css

Response headers

cf-bgj
imgq:85,h2pri
etag
"a424b4f4e239c15b206426ec56fe7a32"
age
924363
cf-cache-status
HIT
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
origFmt=png, origSize=38219
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
lhaGPGLRcf25TT43VjpnzYP3BOG-0L-lvI7UAWYZiZZ9g5qYS1V-LQ==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
content-disposition
inline; filename="b47cbdb8030bef7eda53.webp"
vary
Accept
last-modified
Fri, 01 Nov 2024 18:49:04 GMT
priority
u=3,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 8fc19d425c5af8e0ecc9f1d76fca1cf0.cloudfront.net (CloudFront)
cf-ray
8f2ac7c90a125c6f-MIA
accept-ranges
bytes
content-length
26278
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a794373827e7811c6d590c0a40a08cbf159162001d28f31f228fdafdc7496ee7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer

Response headers

Content-Type
image/svg+xml
6a85036ef2ebb92752d4.woff2
assets.gumroad.com/packs/static/
32 KB
33 KB
Font
General
Full URL
https://assets.gumroad.com/packs/static/6a85036ef2ebb92752d4.woff2
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/css/design-a394da1f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.243.99 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1446d22dd1616375b4c16fd6d7743205431331dee65edf9b444b532656ab408

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://assets.gumroad.com/packs/css/design-a394da1f.css

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag, Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cf-cache-status
HIT
etag
"08c77dba84ccfdd0eaed594c1f18f771"
age
1441698
access-control-allow-methods
GET
expires
Tue, 16 Dec 2025 01:08:07 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
InvcKhOHkm_eCZdD28FhHQA7kFlW2W6jgPW7nmqGDfrpSzGyjGjzog==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
binary/octet-stream
last-modified
Wed, 27 Nov 2024 23:35:47 GMT
vary
Origin, Accept-Encoding
priority
u=0,i=?0
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 773f6821b053a13ecc63d604feb07cb4.cloudfront.net (CloudFront)
cf-ray
8f2ac7c92da8da1f-MIA
accept-ranges
bytes
access-control-allow-origin
*
content-length
33140
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
recommended_products
app.gumroad.com/
5 KB
3 KB
Fetch
General
Full URL
https://app.gumroad.com/recommended_products?cart_product_ids%5B%5D=qalhY6cTc9czV7z_SpOKFA%3D%3D&limit=6
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a84375c7ff2ddd137a2c43957f1eeef7e9d0f1e5e45222c2e2a97e812d6b2f48
Security Headers
Name Value
Content-Security-Policy default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
mq89fYBid40Zk83ZIXMMJXRA_3MJDgRzu0FMtMkvYJDV7A8MXTwqNm-HvJ_tVh6nmB8LTC1HBeYPReF22lkHDw
Referer
https://app.gumroad.com/checkout?action=show&controller=links&format=html&id=ngbook-two-full&price=7900&product=ZTpNg&rent=false&utm_campaign=ngb_pitch_20200211&utm_content=l5&utm_medium=email&utm_source=newline&wanted=true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json, text/html

Response headers

x-request-id
15e1e744-171c-45fd-9327-4c48a97e2bba
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"a84375c7ff2ddd137a2c43957f1eeef7"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="DYNAMIC", cfExtPri
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/json; charset=utf-8
vary
Accept, Origin
x-runtime
0.108480
priority
u=1,i
strict-transport-security
max-age=31536000
content-security-policy
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
cache-control
max-age=0, private, must-revalidate
x-revision
060b7317a15d
x-download-options
noopen
cf-ray
8f2ac7c919e02281-MIA
x-xss-protection
1; mode=block
x-gr
PROD
server
cloudflare
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e82b848e83a08bc69d4280252c55ab8b2e594ff49ad5d7334c50a2a038c0312f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
rum
app.gumroad.com/cdn-cgi/
0
141 B
XHR
General
Full URL
https://app.gumroad.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json
Referer
https://app.gumroad.com/checkout

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8f2ac7c929ed2281-MIA
access-control-allow-origin
https://app.gumroad.com
date
Mon, 16 Dec 2024 01:08:07 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png
assets.gumroad.com/assets/
1 KB
0
Other
General
Full URL
https://assets.gumroad.com/assets/pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b432856fdc60a4e677ad282e524cb12dc4bdf90db4334e5857073de41c827d98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"2c68031a95dd62671f631107705ac884"
age
1459318
cf-cache-status
HIT
expires
Tue, 16 Dec 2025 01:08:06 GMT
cf-polished
origFmt=png, origSize=1491
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
kFfoo6QPUmfQJ7eKdoVUBsJnaxOkf8iRUykRQWZ1yzLx6PppxoRnAA==
date
Mon, 16 Dec 2024 01:08:06 GMT
content-type
image/webp
content-disposition
inline; filename="pink-icon-c5f5013768a1da41246e70403f02afc8b34ac89c20f3ba2dd0a01f3973027700.webp"
vary
Accept
last-modified
Thu, 10 Oct 2024 15:27:55 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 15db3cca810568aab246ba24fafd371a.cloudfront.net (CloudFront)
cf-ray
8f2ac7c5cd0f5c6f-MIA
accept-ranges
bytes
content-length
1048
x-amz-cf-pop
SFO53-P5
server
cloudflare
x-amz-server-side-encryption
AES256
sdk.js
connect.facebook.net/en_US/
248 KB
74 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=81a22df3e38f15119ec6ce27916c16d3
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-yyz1.fbcdn.net
Software
/
Resource Hash
e07d57414f44bfa454335668dec5653eabc795dd4495139026b20d6809d0fca3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer
https://app.gumroad.com/

Response headers

content-md5
snMlM8dn7E57z93lyhRp4A==
access-control-expose-headers
X-FB-Content-MD5
content-encoding
gzip
etag
"ccf08c6a5fcd6f65277698a664a2724d"
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Tue, 16 Dec 2025 00:45:53 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5
cd2e98dc70dfff285581bc2d7827e109
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1889, tp=5, tpl=0, uplat=2, ullat=-1
x-fb-debug
ge5Sd1oIsvbsgZDA5lu/t3SK7xincTDWGSa573fkrK35uU85kOTMetg86uy/9SYq/jZwVZE4g4rM2jnlsnu8mg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
75154
origin-agent-cluster
?1
anchor
www.google.com/recaptcha/enterprise/ Frame 1BB7
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdEheQUAAAAAINzKrEKlLA9RCYb_17LVAl9LCdy&co=aHR0cHM6Ly9hcHAuZ3Vtcm9hZC5jb206NDQz&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=54jbv32f7fa9
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.228 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gYq4BuZQTucKN238Cvo-gw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-gYq4BuZQTucKN238Cvo-gw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 01:08:07 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
cart
app.gumroad.com/internal/
0
0
Fetch
General
Full URL
https://app.gumroad.com/internal/cart
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
mq89fYBid40Zk83ZIXMMJXRA_3MJDgRzu0FMtMkvYJDV7A8MXTwqNm-HvJ_tVh6nmB8LTC1HBeYPReF22lkHDw
Referer
https://app.gumroad.com/checkout
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json, text/html
content-type
application/json

Response headers

x-request-id
7e7735df-c840-4a64-9101-da41497c49fa
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="DYNAMIC", cfExtPri
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
vary
Origin
x-runtime
0.029159
priority
u=1,i
strict-transport-security
max-age=31536000
content-security-policy
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
cache-control
no-cache
x-revision
060b7317a15d
x-download-options
noopen
cf-ray
8f2ac7c9daab2281-MIA
x-xss-protection
1; mode=block
x-gr
PROD
server
cloudflare
controller-with-preconnect-5276f765afdc5378dd4b3de1c994ccd3.html
js.stripe.com/v3/ Frame 177C
0
0
Document
General
Full URL
https://js.stripe.com/v3/controller-with-preconnect-5276f765afdc5378dd4b3de1c994ccd3.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
8
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
651
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:08:07 GMT
etag
"5276f765afdc5378dd4b3de1c994ccd3"
last-modified
Fri, 13 Dec 2024 21:02:47 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
RUgNbqPEVCI16fG-4d8pzFZA912BdtA5Sv6qJrAlS2OdscglVLE5tg==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
payment-request-inner-google-pay-297654697a16ede0041bbaa12fa590c6.html
js.stripe.com/v3/ Frame 4F98
0
0
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-google-pay-297654697a16ede0041bbaa12fa590c6.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2611
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
408
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 00:24:36 GMT
etag
"297654697a16ede0041bbaa12fa590c6"
last-modified
Fri, 13 Dec 2024 21:03:01 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
tfKcW16kokKFtI-rBzVX32jx3F46fLcr3rghwXzjJrdXk1_3KVIzLw==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
payment-request-inner-browser-cb1d8c1c01606a7ad1b9e3a8f8e5044e.html
js.stripe.com/v3/ Frame 2A39
0
0
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-browser-cb1d8c1c01606a7ad1b9e3a8f8e5044e.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
34
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
344
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:07:36 GMT
etag
"cb1d8c1c01606a7ad1b9e3a8f8e5044e"
last-modified
Fri, 13 Dec 2024 21:03:01 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
7_HOxnjt0xnoP50JxFJg9HqWCB2nk9R4wsyKJNTbFeD8yW1mpXTAag==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
elements-inner-card-e6bb1d07737ec8f171786f381f4d7846.html
js.stripe.com/v3/ Frame B2BC
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-card-e6bb1d07737ec8f171786f381f4d7846.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
376
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-encoding
gzip
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:01:52 GMT
etag
W/"e6bb1d07737ec8f171786f381f4d7846"
last-modified
Fri, 13 Dec 2024 21:02:47 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
Ap8VDe_eXbqvbUjVlxVRhcK5VyJ8OkSJc5LtMIoY9HXxpwYaNhQZcQ==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
vl5yzr510obveszv6wuh2upel3zb
public-files.gumroad.com/
247 KB
248 KB
Image
General
Full URL
https://public-files.gumroad.com/vl5yzr510obveszv6wuh2upel3zb
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2959f8c0a6c1a1c0a55b58ada0821eacd95c9e171ba4696b22958e1a0dcb169

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"e2511776c92895d873de904224d2c8ae"
x-amz-version-id
M_2G0ZvgmY6PhkB7mihBUXUJV.XDq2X_
cf-cache-status
HIT
age
16408
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=1502858
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
Q88-HE0G1bGoszQfXg_VgLyxE-Si_W93NIVr-OJ4GbufuJDrYUGaGA==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Fri, 10 Mar 2023 16:53:46 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 f6aa55cabc0b20caada7bab610edab54.cloudfront.net (CloudFront)
cf-ray
8f2ac7cacce85c6f-MIA
accept-ranges
bytes
content-length
252870
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
f9z3oy8ss7zc3tm2w8hnhwnfo9hk
public-files.gumroad.com/
5 KB
5 KB
Image
General
Full URL
https://public-files.gumroad.com/f9z3oy8ss7zc3tm2w8hnhwnfo9hk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dc3b0a6d15addd525529bfb5d1aceba7ef47893f4a734e04cc2a5eebda3ee3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"b59e8b9942b41beb0f9360a352f9dd13"
x-amz-version-id
nOlQTaDX7kc4oGxQ9CrESjtiOJHLdz.P
cf-cache-status
HIT
age
29343
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
origFmt=png, origSize=7899
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
L3ciC9YgH_kzeds9TY-b0McndZY_yHOsqfk5lruQUivuKvV2QcGXag==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Thu, 09 Mar 2023 10:02:12 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 fdd1eada351372fafa8612323f367f28.cloudfront.net (CloudFront)
cf-ray
8f2ac7cacd005c6f-MIA
accept-ranges
bytes
content-length
4928
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
yjj3j640i0ccq5o2zdc79fmnpgzd
public-files.gumroad.com/
181 KB
182 KB
Image
General
Full URL
https://public-files.gumroad.com/yjj3j640i0ccq5o2zdc79fmnpgzd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54fdf51176d0c5379939749bc1e5a409dc7656a28955caea9d32532b4d602833

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"456caceb1203be2782b73093b175d73d"
x-amz-version-id
4QHzKMKJxMnsWwUX.Y0Eoacd3Th4YP30
cf-cache-status
HIT
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
origFmt=png, origSize=266550
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
qtiJ2XKr8W-aS2K3VEUOlKQSp3WFhNEQiNV9ia2Cf0GmthWnWLlzcw==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Sat, 11 Mar 2023 21:12:30 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 358e63d59d1ffece8f5b2a43b8a2a0bc.cloudfront.net (CloudFront)
cf-ray
8f2ac7caccfc5c6f-MIA
accept-ranges
bytes
content-length
185358
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
qve5ztbml8izdv8y8q6a6xv2hpf7
public-files.gumroad.com/
181 KB
182 KB
Image
General
Full URL
https://public-files.gumroad.com/qve5ztbml8izdv8y8q6a6xv2hpf7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54fdf51176d0c5379939749bc1e5a409dc7656a28955caea9d32532b4d602833

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"1d1fefc83bd49f8d5c7cf05c26d42147"
x-amz-version-id
hEFBNBF3nvOlvuxx8fGgB7N8RLRXWsqI
cf-cache-status
HIT
age
29343
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
origFmt=png, origSize=266550
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
7lURjvPI0hJPllAnOlco83t-0Zw1uivfmY4J7Sc_AboGdeDr9PvNpg==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Fri, 10 Mar 2023 07:57:52 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 16523cce37523eba437c692a0fe3e8b4.cloudfront.net (CloudFront)
cf-ray
8f2ac7caccf05c6f-MIA
accept-ranges
bytes
content-length
185358
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
p3tzgaybt2ytp3cpmu4g2jxlxc6k
public-files.gumroad.com/
211 KB
212 KB
Image
General
Full URL
https://public-files.gumroad.com/p3tzgaybt2ytp3cpmu4g2jxlxc6k
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eba7ecf1ac70b39d87508271b76353baacbe96bedc385c9e286bcdea22d17398

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"008d04723273c5860efe7d4bf77be24d"
x-amz-version-id
_j8W6mYQTbwvG1UdY_LDrWCDJ2n5TTVa
cf-cache-status
HIT
age
29343
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
origFmt=png, origSize=320462
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
C5k2GfNJ-S2HL53_ARxo-jdFFpVd9sOqOnmp4K4xsVdQ6oSCCtCAPg==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Sun, 26 Feb 2023 14:35:11 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 fcfb767b5ad15bbc6d9e5b12d89c5172.cloudfront.net (CloudFront)
cf-ray
8f2ac7caccf95c6f-MIA
accept-ranges
bytes
content-length
216414
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
288iicq3bm3myswfjno09spufuxw
public-files.gumroad.com/
102 KB
103 KB
Image
General
Full URL
https://public-files.gumroad.com/288iicq3bm3myswfjno09spufuxw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64809bfee1222bec706fd37f24a752e9f6e1cdd48dd04745ccbbf9e95d018e2f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"30231492ff4944cb1ae4d3ec12e29982"
x-amz-version-id
ikKJLx_3yD1Xa_g8VdwPcn83wo2x6a8G
cf-cache-status
HIT
age
16408
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=937039
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
02RDE2MnJlcyIp6IxGw6I1L2YaImxid2580uV-q5_qZR2Ys_G2-LGg==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Sun, 26 Feb 2023 14:39:01 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 09a6126b061d0cdf434b3e3d2aab0c6c.cloudfront.net (CloudFront)
cf-ray
8f2ac7caccee5c6f-MIA
accept-ranges
bytes
content-length
104618
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
5tontopornbb1apjhdrdcpedw5et
public-files.gumroad.com/
61 KB
61 KB
Image
General
Full URL
https://public-files.gumroad.com/5tontopornbb1apjhdrdcpedw5et
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1160a5f7934f7cbf343d7971ead1cc14758479627ec1089491c34fabf3e88c8f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cf-bgj
imgq:85,h2pri
etag
"163f716202c9ec0b9a85a04804779228"
x-amz-version-id
Ccs1iLlu_BB4OEZMWT6cHg5tQLg2kLD.
cf-cache-status
HIT
age
16409
x-amz-storage-class
INTELLIGENT_TIERING
expires
Tue, 16 Dec 2025 01:08:07 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=165648
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
lRthC9I_T85kSrEfdXljHOrLPj8Kvx-VM1DusOaCF08akEKH3zpuQA==
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
image/webp
vary
Accept
last-modified
Sun, 12 Mar 2023 02:20:49 GMT
priority
u=1,i
server-timing
cfExtPri
cache-control
public, max-age=31536000
via
1.1 23ad473482cbcecf7ea47ad47c955886.cloudfront.net (CloudFront)
cf-ray
8f2ac7caccf35c6f-MIA
accept-ranges
bytes
content-length
62018
x-amz-cf-pop
SFO53-P4
server
cloudflare
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
271 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6LJN6D94N6&l=dataLayer&cx=c&gtm=453e4cc1za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8fecaebbc924762d9c646b6c90cebd859c4adb27517921f064acf0a3eaf5b169
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 16 Dec 2024 01:08:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
97234
x-xss-protection
0
server
Google Tag Manager
truncated
/
445 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ffc0e29f8f161874c9063b81d9259888f66a623a6be973441fe7427551c06390

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://app.gumroad.com
Referer

Response headers

Content-Type
image/svg+xml
status
www.facebook.com/x/oauth/
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=149071038533330&input_token&origin=1&redirect_uri=https%3A%2F%2Fapp.gumroad.com%2Fcheckout&sdk=joey&wants_cookie_data=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=81a22df3e38f15119ec6ce27916c16d3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.80.36 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-yyz1.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

access-control-expose-headers
fb-s
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7448810259853346342"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
text/plain; charset=UTF-8
x-fb-debug
urpIjzrAVcBK0vKPWqPxy9TdEYWqLXU6Aci42OIDbJ6iONg8SWuAu+U/66m11rxOReXlzJJ5IT7vxm+dGjHnug==
priority
u=1,i
strict-transport-security
max-age=15552000; preload
reporting-endpoints
default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7448810259853346342", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control
private, no-cache, no-store, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=65, rtx=0, c=23, mss=1232, tbw=4474, tp=9, tpl=0, uplat=68, ullat=0
pragma
no-cache
fb-s
unknown
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
https://app.gumroad.com
content-length
0
origin-agent-cluster
?1
customer_surcharge
app.gumroad.com/
115 B
2 KB
Fetch
General
Full URL
https://app.gumroad.com/customer_surcharge
Requested by
Host: assets.gumroad.com
URL: https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.176.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f898ddd01e98d56496c1634019ac067b88ee9c421f80802c2c695f8b58d2b040
Security Headers
Name Value
Content-Security-Policy default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
mq89fYBid40Zk83ZIXMMJXRA_3MJDgRzu0FMtMkvYJDV7A8MXTwqNm-HvJ_tVh6nmB8LTC1HBeYPReF22lkHDw
Referer
https://app.gumroad.com/checkout
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json, text/html
content-type
application/json

Response headers

x-request-id
63d089a9-b6e4-4c33-bff1-6cd2b23b94e9
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"f898ddd01e98d56496c1634019ac067b"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
server-timing
cfCacheStatus;desc="DYNAMIC", cfExtPri
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
application/json; charset=utf-8
vary
Accept, Origin
x-runtime
0.030373
priority
u=1,i
strict-transport-security
max-age=31536000
content-security-policy
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
cache-control
max-age=0, private, must-revalidate
x-revision
060b7317a15d
x-download-options
noopen
cf-ray
8f2ac7cb3c522281-MIA
x-xss-protection
1; mode=block
x-gr
PROD
server
cloudflare
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-6LJN6D94N6&gtm=45je4cc1v883148965za200&_p=1734311287101&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1873190819.1734311288&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734311287&sct=1&seg=0&dl=https%3A%2F%2Fapp.gumroad.com%2Fcheckout&dt=Gumroad&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.dimension1=Not%20logged%20in&tfd=2398
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6LJN6D94N6&l=dataLayer&cx=c&gtm=453e4cc1za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://app.gumroad.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://app.gumroad.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 01:08:07 GMT
content-type
text/plain
server
Golfe2
link-modal-inner-aef0d4b64ce6c2758bdb59bb5ce5a4cb.html
js.stripe.com/v3/ Frame 09A0
0
0
Document
General
Full URL
https://js.stripe.com/v3/link-modal-inner-aef0d4b64ce6c2758bdb59bb5ce5a4cb.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
54
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
807
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 01:07:16 GMT
etag
"aef0d4b64ce6c2758bdb59bb5ce5a4cb"
last-modified
Fri, 13 Dec 2024 21:03:01 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 960b27f23df49cd65e51133bf80b9878.cloudfront.net (CloudFront)
x-amz-cf-id
11-V1_28-PEuLsCJLTrexARVSPP6bDr3oJNrfuuT4gpuIcElXqjeOw==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
bframe
www.google.com/recaptcha/enterprise/ Frame 96B4
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6LdEheQUAAAAAINzKrEKlLA9RCYb_17LVAl9LCdy
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.228 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8cBHAQOYURDnMhcwykaBSQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.gumroad.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-8cBHAQOYURDnMhcwykaBSQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 01:08:08 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
hcaptcha-invisible-b0b185c2af213531b80be390cd58d159.html
js.stripe.com/v3/ Frame B9B2
0
0
Document
General
Full URL
https://js.stripe.com/v3/hcaptcha-invisible-b0b185c2af213531b80be390cd58d159.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
52.85.61.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-77.ewr53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-NQQKURm72l/q14xkzM9HQGbNApBMhnderujQyRvIPt0='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
2846
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-encoding
gzip
content-security-policy
base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-NQQKURm72l/q14xkzM9HQGbNApBMhnderujQyRvIPt0='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 00:20:46 GMT
etag
W/"3c17c88bb6893d6968f09554ccef6c65"
last-modified
Fri, 13 Dec 2024 21:03:00 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 960b27f23df49cd65e51133bf80b9878.cloudfront.net (CloudFront)
x-amz-cf-id
kyjw0o8vsn1LvvchGfOS5jNBnLeCYWQ5_YXaNnlM3qaxNoPBx8ZIFQ==
x-amz-cf-pop
EWR53-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
assets.gumroad.com
URL
https://assets.gumroad.com/packs/js/webpack-commons-37b4edea8b7158282bc7.js

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| __cfQR object| __cfBeacon function| $ function| jQuery object| jQuery183039021285734552125 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client boolean| __cfRLUnblockHandlers object| webpackChunk object| ReactOnRails boolean| __REACT_ON_RAILS_EVENT_HANDLERS_RAN_ONCE__ string| __reactRouterVersion string| GoogleTagObject function| async object| dataLayer function| gtag object| roots function| fbAsyncInit object| FB object| recaptcha object| closure_lm_79612 object| webpackChunkStripeJSouter function| noop function| Stripe object| google_tag_manager object| google_tag_data object| __buffer object| gaGlobal

8 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AJNbFneNvt7EujcVzFwue2GNszEpKINIVKDTIOZmvLKKAEfL2iy2gKSN5lu534VGFesVqGf0xFGFnQCqu3tbBSA
.gumroad.com/ Name: _gumroad_guid
Value: 0fd61407-9e20-4cce-9924-9a653e6e9152
fullstack.gumroad.com/ Name: _mkra_stck
Value: mysql%3A1734311291.2775211
app.gumroad.com/ Name: _mkra_stck
Value: mysql%3A1734311292.4089704
.gumroad.com/ Name: _gumroad_app_session
Value: JN%2B3aJD8TLHb9FmPOFB388kXkOqcamLHmdvU%2FIM95GlRAQd2Tf5IePqpTUugYXN0fbXUqoietEUlzxfo5rj5t8imivUTPjfuEyfdngx%2BpkfFV8kYGKIlZw4lOv%2BjG31agdqP7ne4FRAcyL%2BYo9SaZRxyPAMZdEquf49i00PXvrqXxrMJqGa6oHzY0q2uthv%2BNPTqDYLzwYnW%2BHmul%2FYswK71jfK8xRizpZpW%2B79CeAtA9cTjrqKtdPhujGrPlhYasmiSEO5XpGgO6dGcmObGQ8%2BlMxlmRj4WlxJDHnmqoGxrjZf%2FDEjAS5nIBzxoyRDztl2Bo6%2FYHDpDL%2F1HFN0XdHhy3x7%2BRT2EMbkc%2FBx8dPCHQ0emCDyuVl2tHTUJeg%3D%3D--io1P40c6sEk677Mb--u4KurMDaGmAYMGJKAk0%2BXQ%3D%3D
.gumroad.com/ Name: _ga_6LJN6D94N6
Value: GS1.1.1734311287.1.0.1734311287.0.0.0
.gumroad.com/ Name: _ga
Value: GA1.1.1873190819.1734311288
api2.hcaptcha.com/ Name: __cflb
Value: 0H28vk2VKwPbLoawFincekpozDKK5F2cXY6aXr85vXX

4 Console Messages

Source Level URL
Text
other warning URL: https://app.gumroad.com/checkout
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://app.gumroad.com/checkout
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://app.gumroad.com/checkout
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://app.gumroad.com/checkout
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly helper.ai app.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com helper.ai unpkg.com/@lottiefiles/lottie-player@latest/ app.gumroad.com assets.gumroad.com 'nonce-MsLxlbWQlqAm/gbivk/q/IAKil/F8orrplKU/DULZUA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.gumroad.com
assets.gumroad.com
connect.facebook.net
fullstack.gumroad.com
gumroad.com
js.stripe.com
public-files.gumroad.com
pvc7kqsl.r.us-east-1.awstrack.me
sendy.fullstack.io
static.cloudflareinsights.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
assets.gumroad.com
104.17.176.98
104.18.243.99
104.21.80.1
142.251.40.228
151.101.64.176
2606:4700::6810:4f49
2606:4700::6811:b062
2607:f8b0:4006:809::2003
2607:f8b0:4006:81e::2008
2607:f8b0:4006:821::200e
3.210.92.218
31.13.80.12
31.13.80.36
52.85.61.77
1160a5f7934f7cbf343d7971ead1cc14758479627ec1089491c34fabf3e88c8f
16669ddda8f925f37c9a6c9a5fed1d06e4e288702c612ad28b074ef20b3ee57a
2b6599954ca4fcbf1bf67631d857b5d618df0968b69233a6e3037e03febf441c
3ee9a64b382c579c9880abbba138c213166acc6f33d239232a35fae4e0ae7c3e
4005a4a7adc1337dd0a4f7bb1705f7b285f84747cc71206c196b852f85c55f74
4d1b30595c8b50ec931aea5fbb97918c82604cbd27ef299d58d89eca85b6d423
4dc3b0a6d15addd525529bfb5d1aceba7ef47893f4a734e04cc2a5eebda3ee3a
5206b063a33382ab0b387909b601ef85f9b3f5c4e1efad74fdd47338225c78bc
54fdf51176d0c5379939749bc1e5a409dc7656a28955caea9d32532b4d602833
64809bfee1222bec706fd37f24a752e9f6e1cdd48dd04745ccbbf9e95d018e2f
6ef3ea5bbf01d5f22e0284f19366a8049a81245a49b3d2ea64216a753ee3768b
6faaebe24657c56a1bb634619ec985ee276d8b1be178ecd8d9937420f608015c
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8fecaebbc924762d9c646b6c90cebd859c4adb27517921f064acf0a3eaf5b169
a794373827e7811c6d590c0a40a08cbf159162001d28f31f228fdafdc7496ee7
a84375c7ff2ddd137a2c43957f1eeef7e9d0f1e5e45222c2e2a97e812d6b2f48
b432856fdc60a4e677ad282e524cb12dc4bdf90db4334e5857073de41c827d98
bae54329217082cbe6014e951e2ec57403bf7277b4dbd0989af50b9454aba0b9
bde6d5fb61a996e7934ade68f22c8f9b1d8576f6fef15cc93f625f6b762241b1
c2959f8c0a6c1a1c0a55b58ada0821eacd95c9e171ba4696b22958e1a0dcb169
c4963b11885de84dc80d621f86237fef35e110cfabc8ce96335487c2e16ac047
c7fd5e185c7416915164c6fe596c33c46779af90c4691a7897bc9292d5dfce76
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
df6f5f2656da39e29ff5e0a4c21ae98fd3683a860033dda09f1d44d81a01778c
e07d57414f44bfa454335668dec5653eabc795dd4495139026b20d6809d0fca3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e82b848e83a08bc69d4280252c55ab8b2e594ff49ad5d7334c50a2a038c0312f
eba7ecf1ac70b39d87508271b76353baacbe96bedc385c9e286bcdea22d17398
f1446d22dd1616375b4c16fd6d7743205431331dee65edf9b444b532656ab408
f649f09785ce519f13a7276843df4bb718e27d17d5f8477e5eecdaa9135c1b11
f898ddd01e98d56496c1634019ac067b88ee9c421f80802c2c695f8b58d2b040
ffc0e29f8f161874c9063b81d9259888f66a623a6be973441fe7427551c06390