metabase-customer-sandbox.joincandidhealth.com Open in urlscan Pro
34.160.100.137 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://metabase-customer-sandbox.joincandidhealth.com/
Submission: On August 24 via automatic, source certstream-suspicious (August 24th 2024, 5:59:59 pm UTC) — Scanned from CA

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 34.160.100.137, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is metabase-customer-sandbox.joincandidhealth.com.
TLS certificate: Issued by WR3 on August 24th 2024. Valid for: 3 months.

This is the only time metabase-customer-sandbox.joincandidhealth.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
15	34.160.100.137 34.160.100.137		396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
15	1

15 34.160.100.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.100.160.34.bc.googleusercontent.com

metabase-customer-sandbox.joincandidhealth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	joincandidhealth.com metabase-customer-sandbox.joincandidhealth.com	3 MB
15	1

	Domain	Requested by
15	metabase-customer-sandbox.joincandidhealth.com	metabase-customer-sandbox.joincandidhealth.com
15	1

This site contains no links.

Subject Issuer	Validity	Valid
metabase-customer-sandbox.joincandidhealth.com WR3	`2024-08-24` - `2024-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://metabase-customer-sandbox.joincandidhealth.com/
Frame ID: F6DBAA206C6331A6D32ED04D75289B58
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login · Metabase

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2710 kB
Transfer

11797 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
metabase-customer-sandbox.joincandidhealth.com/ 86 KB
12 KB 414ms
65ms Document
text/html 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

783dab27139e2bfc2a74ddb9bd89df04d57d4dfa5999a2ba76eefe1cccc37367

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
content-encoding: gzip
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
content-type: text/html;charset=utf-8
date: Sat, 24 Aug 2024 17:59:51 GMT
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 24 Aug 2024 17:59:51 GMT
server: Jetty(11.0.14)
strict-transport-security: max-age=31536000
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 styles.css
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 98 KB
21 KB 83ms
80ms Stylesheet
text/css 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.css?10cd540a50370a0ca610

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

67ad2217e1c710d66c82460d1fe9c0436a505144b23f65cc43f3a1b3b54d86bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/css
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 app-main.css
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 112 KB
23 KB 88ms
87ms Stylesheet
text/css 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/app-main.css?6d6a3bfd4b906309c4b7

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

dab9bca6d79ca0738482cc0e1c8cc198f404b4bc6a84a8b006b146deac52de56

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/css
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 runtime.bundle.js Show response
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 3 KB
2 KB 78ms
77ms Script
text/javascript 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/runtime.bundle.js?3e216fd498c696c37e92

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

592b0a511dd2374eeceae7e4d67bb30be7030c0a09205b5c0ff684ad031866bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/javascript
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 styles.bundle.js Show response
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 260 B
336 B 77ms
76ms Script
text/javascript 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.bundle.js?18863dc168329c0e885e

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

e76418a42f873e5d4c386e612ee595ed103c2443bf26cc488b5f2289fea65b5a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/javascript
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 vendor.bundle.js Show response
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 5 MB
1 MB 79ms
78ms Script
text/javascript 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/vendor.bundle.js?848e9dcca901d8a224e3

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

173ca5ec3e8056220313cd02e07973423decbed90423fa27214cc3c599b910d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/javascript
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 app-main.bundle.js Show response
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 6 MB
1 MB 92ms
91ms Script
text/javascript 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/app-main.bundle.js?2c471f3388e93c7d8bde

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

3dacc4eadb4069158ffc3b9ef331dfc10240cf5fb42afd1868ae5ae2e41bf358

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:51 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: text/javascript
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H3 401 current Show response
metabase-customer-sandbox.joincandidhealth.com/api/user/ 15 B
37 B 53ms
53ms XHR
text/plain 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/api/user/current

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/app-main.bundle.js?2c471f3388e93c7d8bde

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

76f4e015467e2ad3550fc408bcf4f7d2a391d363e9993df7b0d95e4859ed5c53

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
via: 1.1 google
x-frame-options: DENY
content-type: text/plain
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 properties Show response
metabase-customer-sandbox.joincandidhealth.com/api/session/ 83 KB
10 KB 72ms
71ms XHR
application/json 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/api/session/properties

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/app-main.bundle.js?2c471f3388e93c7d8bde

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

e458ea2ae3a3a0fc21b6f9596f8b4a3e5b00d6c744df98e53740f93e3f5963ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: application/json;charset=utf-8
via: 1.1 google
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 favicon.ico
metabase-customer-sandbox.joincandidhealth.com/app/assets/img/ 7 KB
3 KB 49ms
48ms Other
image/x-icon 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/assets/img/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

15dc0bb1ec62374a03d19d5864c8ba84f59929aba93ad3b05927fead9d262173

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: image/x-icon
via: 1.1 google
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 logo.svg Show response
metabase-customer-sandbox.joincandidhealth.com/app/assets/img/ 6 KB
1 KB 51ms
51ms XHR
image/svg+xml 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/assets/img/logo.svg

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/app-main.bundle.js?2c471f3388e93c7d8bde

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

9e926ba3e779eccc1c0b95b28817771d1cf8a22e833dc896f9474b5b3ac814d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/auth/login?redirect=%2F
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: image/svg+xml
via: 1.1 google
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 bridge.svg
metabase-customer-sandbox.joincandidhealth.com/app/img/ 76 KB
5 KB 49ms
49ms Image
image/svg+xml 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/img/bridge.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

ab1015574cd05f56b991db47e0a8f655b9bd6afed5c88329ba74e43386f9baaa

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/auth/login?redirect=%2F
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: image/svg+xml
via: 1.1 google
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 f1405bd8a987c2ea8a67.woff2
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 22 KB
22 KB 51ms
50ms Font
font/woff2 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/f1405bd8a987c2ea8a67.woff2

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.css?10cd540a50370a0ca610

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.css?10cd540a50370a0ca610
Origin: https://metabase-customer-sandbox.joincandidhealth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: font/woff2
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H3 200 favicon.ico
metabase-customer-sandbox.joincandidhealth.com/app/assets/img/ 7 KB
3 KB 49ms
48ms Other
image/x-icon 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/assets/img/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

15dc0bb1ec62374a03d19d5864c8ba84f59929aba93ad3b05927fead9d262173

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/auth/login?redirect=%2F
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Sat, 24 Aug 2024 17:59:53 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: image/x-icon
via: 1.1 google
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H3 200 65e877e527022735c1a1.woff2
metabase-customer-sandbox.joincandidhealth.com/app/dist/ 23 KB
23 KB 73ms
73ms Font
font/woff2 34.160.100.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://metabase-customer-sandbox.joincandidhealth.com/app/dist/65e877e527022735c1a1.woff2

Requested by

Host: metabase-customer-sandbox.joincandidhealth.com
URL: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.css?10cd540a50370a0ca610

Protocol

Security

QUIC, , AES_128_GCM

Server

34.160.100.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.100.160.34.bc.googleusercontent.com

Software

Jetty(11.0.14) /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabase-customer-sandbox.joincandidhealth.com/app/dist/styles.css?10cd540a50370a0ca610
Origin: https://metabase-customer-sandbox.joincandidhealth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
x-content-type-options: nosniff
date: Sat, 24 Aug 2024 17:59:53 GMT
last-modified: Tue, 08 Aug 2023 19:43:56 GMT
x-permitted-cross-domain-policies: none
server: Jetty(11.0.14)
content-encoding: gzip
x-frame-options: DENY
content-type: font/woff2
via: 1.1 google
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			metabase-customer-sandbox.joincandidhealth.com/	1970-01-21 08:38:02	Name: metabase.DEVICE Value: 27e40688-85e1-4167-954a-b02ebddb9ba6

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://metabase-customer-sandbox.joincandidhealth.com/api/user/current Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://accounts.google.com 'sha256-K2AkR/jTLsGV8PyzWha7/ey1iaD9c5jWRYwa++ZlMZc=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src ; img-src 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

metabase-customer-sandbox.joincandidhealth.com
34.160.100.137
15dc0bb1ec62374a03d19d5864c8ba84f59929aba93ad3b05927fead9d262173
173ca5ec3e8056220313cd02e07973423decbed90423fa27214cc3c599b910d0
3dacc4eadb4069158ffc3b9ef331dfc10240cf5fb42afd1868ae5ae2e41bf358
592b0a511dd2374eeceae7e4d67bb30be7030c0a09205b5c0ff684ad031866bd
67ad2217e1c710d66c82460d1fe9c0436a505144b23f65cc43f3a1b3b54d86bc
76f4e015467e2ad3550fc408bcf4f7d2a391d363e9993df7b0d95e4859ed5c53
783dab27139e2bfc2a74ddb9bd89df04d57d4dfa5999a2ba76eefe1cccc37367
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
9e926ba3e779eccc1c0b95b28817771d1cf8a22e833dc896f9474b5b3ac814d9
ab1015574cd05f56b991db47e0a8f655b9bd6afed5c88329ba74e43386f9baaa
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
dab9bca6d79ca0738482cc0e1c8cc198f404b4bc6a84a8b006b146deac52de56
e458ea2ae3a3a0fc21b6f9596f8b4a3e5b00d6c744df98e53740f93e3f5963ab
e76418a42f873e5d4c386e612ee595ed103c2443bf26cc488b5f2289fea65b5a

metabase-customer-sandbox.joincandidhealth.com Open in urlscan Pro 34.160.100.137 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

2710 kBTransfer

11797 kBSize

1 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

metabase-customer-sandbox.joincandidhealth.com Open in urlscan Pro
34.160.100.137 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2710 kB
Transfer

11797 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions