urlscan.io logo urlscan.io
SecurityTrails logo

portal.igbv-online.de Open in urlscan Pro
151.101.1.195  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://portal.igbv-online.de/
Effective URL: https://portal.igbv-online.de/
Submission: On October 12 via api from GB — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 151.101.1.195, located in United States and belongs to FASTLY, US. The main domain is portal.igbv-online.de.
TLS certificate: Issued by GTS CA 1D4 on October 12th 2023. Valid for: 3 months.
This is the only time portal.igbv-online.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 151.101.1.195 54113 (FASTLY)
1 3.124.81.28 16509 (AMAZON-02)
2 34.120.195.249 396982 (GOOGLE-CL...)
2 108.138.17.25 16509 (AMAZON-02)
1 18.66.97.53 16509 (AMAZON-02)
1 13.32.27.54 16509 (AMAZON-02)
1 18.66.112.79 16509 (AMAZON-02)
15 7
8    151.101.1.195 (United States)

ASN54113 (FASTLY, US)
portal.igbv-online.de
1    3.124.81.28 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-81-28.eu-central-1.compute.amazonaws.com
payments-js.element.in
2    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o151972.ingest.sentry.io
2    108.138.17.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-25.fra56.r.cloudfront.net
customer-portal-api.element.in
1    18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net
static.hotjar.com
1    13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net
script.hotjar.com
1    18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net
vc.hotjar.io
Apex Domain
Subdomains		 Transfer
8 igbv-online.de
portal.igbv-online.de
499 KB
3 element.in
payments-js.element.in
customer-portal-api.element.in
26 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 901
script.hotjar.com — Cisco Umbrella Rank: 1101
60 KB
2 sentry.io
o151972.ingest.sentry.io
345 B
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2992
258 B
15 5
Domain Requested by
8 portal.igbv-online.de 1 redirects portal.igbv-online.de
2 customer-portal-api.element.in portal.igbv-online.de
2 o151972.ingest.sentry.io portal.igbv-online.de
1 vc.hotjar.io portal.igbv-online.de
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com portal.igbv-online.de
1 payments-js.element.in portal.igbv-online.de
15 7

This site contains links to these domains. Also see Links.

Domain
www.igbv-info.de
Subject Issuer Validity Valid
fahrsicher.ihr-versicherungsschutz.at
GTS CA 1D4		 2023-10-12 -
2024-01-10		 3 months crt.sh
*.element.in
Amazon RSA 2048 M02		 2023-02-14 -
2024-02-05		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-25 -
2024-08-24		 a year crt.sh
element.in
Amazon RSA 2048 M03		 2023-08-30 -
2024-09-27		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.hotjar.io
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh

This page contains 2 frames:

Primary Page: https://portal.igbv-online.de/
Frame ID: 02B20E91A860D7842BEBD18389701E8F
Requests: 14 HTTP requests in this frame

Frame: https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786
Frame ID: 123914BFB02EB24C67E61FA411B6EAEF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

IGBV

Page URL History Show full URLs

  1. http://portal.igbv-online.de/ HTTP 301
    https://portal.igbv-online.de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

584 kB
Transfer

2300 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://portal.igbv-online.de/ HTTP 301
    https://portal.igbv-online.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
portal.igbv-online.de/
Redirect Chain
  • http://portal.igbv-online.de/
  • https://portal.igbv-online.de/
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2633301cad77d2bc4c42856c96d8e06d46dd7a51dfcc5ea27a26cb78ff086cf4
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
393
content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
content-type
text/html; charset=utf-8
date
Thu, 12 Oct 2023 02:00:57 GMT
etag
"1e9fb9bbdef46a9a29e1e43f4e887b61ff1a077f36401e121c19d6b925e7adb7-br"
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31556926
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-frame-options
DENY
x-served-by
cache-fra-etou8220077-FRA
x-timer
S1697076057.119820,VS0,VE67
x-xss-protection
1;mode=block

Redirect headers

Accept-Ranges
bytes
Connection
close
Content-Length
0
Date
Thu, 12 Oct 2023 02:00:56 GMT
Location
https://portal.igbv-online.de/
Retry-After
0
Server
Varnish
X-Cache
HIT
X-Cache-Hits
0
X-Served-By
cache-fra-etou8220078-FRA
X-Timer
S1697076057.996122,VS0,VE0
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
index-ce609af6.js
portal.igbv-online.de/assets/ 		2 MB
427 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/assets/index-ce609af6.js
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2c8ed8c81be7d7c540d538a2951f55d6a9d89841be0b71d15e95148495d15c7a
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

Referer
Origin
https://portal.igbv-online.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31556926
date
Thu, 12 Oct 2023 02:00:57 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
436896
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220077-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076057.231600,VS0,VE103
etag
"dd4f34d0b8f5ceaf4cb958f13fb0b0f66b4fdd34f786dc3e7faa387ec5ca03c5-br"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
index-013b8e7d.css
portal.igbv-online.de/assets/ 		148 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/assets/index-013b8e7d.css
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
013b8e7d4b0afdb818a2c27a5d8db06f3c8c2dd0c9efde1982d9e6520cbbfda7
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31556926
date
Thu, 12 Oct 2023 02:00:57 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
18034
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220077-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076057.231738,VS0,VE60
etag
"1db277eca5181749ce2038c7f099a0e7f838755c75c77a68b17f83a8b91bb9ee-br"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
text/css; charset=utf-8
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
v1
payments-js.element.in/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments-js.element.in/v1
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.81.28 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-81-28.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0a3b087681d40a242afa7b7358171237f7a619a00b0684c68dd4e73b94699d62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://sentry.io; frame-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; style-src 'self'; report-uri https://sentry.io/api/1395065/security/?sentry_key=965f89a263d743a9a46be4d08d5ce75b
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Thu, 12 Oct 2023 02:00:57 GMT
content-security-policy
default-src 'self'; connect-src 'self' https://sentry.io; frame-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; style-src 'self'; report-uri https://sentry.io/api/1395065/security/?sentry_key=965f89a263d743a9a46be4d08d5ce75b
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
last-modified
Thu, 05 Oct 2023 12:37:17 GMT
content-encoding
gzip
etag
W/"edf-18affd7a448"
x-download-options
noopen
x-dns-prefetch-control
off
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
x-xss-protection
1; mode=block
/
o151972.ingest.sentry.io/api/1217654/security/ 		0
300 B 		Other
General
Check archive.org
Download Go to
Full URL
https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
Content-Type
application/csp-report

Response headers

date
Thu, 12 Oct 2023 02:00:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
portal.igbv-online.de
customer-portal-api.element.in/config/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://customer-portal-api.element.in/config/portal.igbv-online.de
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/assets/index-ce609af6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-25.fra56.r.cloudfront.net
Software
/
Resource Hash
2f3a5597c72700cd00846347e14bed41c36ad9b7e0cd6baa4386c3420d761cd2

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Thu, 12 Oct 2023 02:00:57 GMT
content-encoding
gzip
via
1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
etag
W/"75a-wbgTVweuqLLSAwZntlopLAupGWg"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
https://portal.igbv-online.de
content-length
1005
apigw-requestid
Mqn2FidYFiAEPeg=
x-amz-cf-id
vT-pn5kyIVsi-hbgaF0thXRzZE1FNbpx1Z73b77QGChWVEpavvLcWw==
logo_header
customer-portal-api.element.in/portal.igbv-online.de/assets/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer-portal-api.element.in/portal.igbv-online.de/assets/logo_header
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-25.fra56.r.cloudfront.net
Software
/
Resource Hash
8cee66dc770a008697fa2145169f1456c98a8e97914b24c15aed9c3d8e4945ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Thu, 12 Oct 2023 02:00:58 GMT
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-cf-id
tXUQ-iKsvSXKvFnxr6OEc5OvU4idRnPEnXs17RCt5DLtzn5FfgVC-A==
content-length
22508
apigw-requestid
Mqn2Hgx1FiAEPxA=
webfont.css
portal.igbv-online.de/css/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/css/webfont.css
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/assets/index-ce609af6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e6a70ca19df10ee659a7665492a0ad0e554cbe29e1f59fa8bb5f21ad3e04a33
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31556926
date
Thu, 12 Oct 2023 02:00:58 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
776
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220030-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076058.975348,VS0,VE68
etag
"5ddd01363c3250e6c11f3a47e59494419933acb243f7b9e63d33533590cefa6d-br"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
text/css; charset=utf-8
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
hotjar-3337530.js
static.hotjar.com/c/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-3337530.js?sv=6
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/assets/index-ce609af6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-53.fra56.r.cloudfront.net
Software
/
Resource Hash
002ca493b9d51ad3769dffe35d31a31714f392a6ce48077f5861d1d7932aa4cb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 12 Oct 2023 02:00:58 GMT
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/c171435e32e4b2cbd20f1e24d8f96403
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
0X921y1utOfCpQedhsoNEvbgYwk1wiQguNGceo20Jiys5Bex8zOApw==
open-sans-v18-latin-300.woff2
portal.igbv-online.de/fonts/open-sans-v18-latin/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/fonts/open-sans-v18-latin/open-sans-v18-latin-300.woff2
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/css/webfont.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

Referer
Origin
https://portal.igbv-online.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
strict-transport-security
max-age=31556926
x-content-type-options
nosniff
date
Thu, 12 Oct 2023 02:00:58 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
14932
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220030-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076058.089490,VS0,VE49
etag
"4a9d463dd3b544e9a6584cf1f164ceb5af30f76e06844d141abe6b0c718f7bc6"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
font/woff2
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
open-sans-v18-latin-regular.woff2
portal.igbv-online.de/fonts/open-sans-v18-latin/ 		14 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/fonts/open-sans-v18-latin/open-sans-v18-latin-regular.woff2
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/css/webfont.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

Referer
Origin
https://portal.igbv-online.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
strict-transport-security
max-age=31556926
x-content-type-options
nosniff
date
Thu, 12 Oct 2023 02:00:58 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
14380
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220030-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076058.090948,VS0,VE61
etag
"6594c0a45953ecfbd169ca6c2d053fbd1f5bf0005fc4a3ea71b4478a354a416b"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
font/woff2
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
open-sans-v18-latin-700.woff2
portal.igbv-online.de/fonts/open-sans-v18-latin/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.igbv-online.de/fonts/open-sans-v18-latin/open-sans-v18-latin-700.woff2
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/css/webfont.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
Security Headers
Name Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block

Request headers

Referer
Origin
https://portal.igbv-online.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

content-security-policy
object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
strict-transport-security
max-age=31556926
x-content-type-options
nosniff
date
Thu, 12 Oct 2023 02:00:58 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
15056
x-xss-protection
1;mode=block
x-served-by
cache-fra-etou8220030-FRA
referrer-policy
no-referrer
last-modified
Wed, 11 Oct 2023 09:10:11 GMT
x-timer
S1697076058.096687,VS0,VE60
etag
"6b19185c10eb80063de50bcaedaa43390e850eb66be5fed9e70e0659f0a3460d"
x-frame-options
DENY
vary
x-fh-requested-host, accept-encoding
content-type
font/woff2
cache-control
max-age=3600
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vr 'none'
accept-ranges
bytes
x-cache-hits
0
modules.201a312ebf7d4ba5a863.js
script.hotjar.com/ 		226 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.201a312ebf7d4ba5a863.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3337530.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-54.fra56.r.cloudfront.net
Software
/
Resource Hash
6dcb6952adc008e2c353e3200024bd27be736121acccece91802d63850129e6e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Wed, 11 Oct 2023 11:53:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
50872
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56196
last-modified
Wed, 11 Oct 2023 11:53:03 GMT
etag
"2f69fe4aaadab2b83a71e22913f5c92a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
ErZq82xWRLct11rAw4lhnHeVZFVF5-GYDtF8dqu5WIiyt82GJ4UJog==
/
o151972.ingest.sentry.io/api/1217654/security/ Frame 1239 		0
45 B 		Other
General
Check archive.org
Download Go to
Full URL
https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
Content-Type
application/csp-report

Response headers

date
Thu, 12 Oct 2023 02:00:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
3337530
vc.hotjar.io/sessions/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/3337530?s=0.25&r=0.036652466672938644
Requested by
Host: portal.igbv-online.de
URL: https://portal.igbv-online.de/assets/index-ce609af6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-79.fra56.r.cloudfront.net
Software
Python/3.8 aiohttp/3.8.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Thu, 12 Oct 2023 02:00:58 GMT
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
server
Python/3.8 aiohttp/3.8.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
DSdkkceeDmhQ3XOnRFspsOQJNca3-7LUHPNNmLftSImrOQdGAZP3zA==

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| ElementInsurance function| parcelRequire function| clearImmediate function| setImmediate object| regeneratorRuntime object| __global__ object| __SENTRY__ function| hj object| _hjSettings string| _scriptPath object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules

5 Cookies

Domain/Path Name / Value
.igbv-online.de/ Name: _hjFirstSeen
Value: 1
.igbv-online.de/ Name: _hjIncludedInSessionSample_3337530
Value: 1
.igbv-online.de/ Name: _hjSession_3337530
Value: eyJpZCI6IjhhMTIzYTUxLTNjMWYtNDY5My1hZmE5LWU4YjM5OGY2YWQ2OSIsImNyZWF0ZWQiOjE2OTcwNzYwNTgzNDUsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjp0cnVlfQ==
.igbv-online.de/ Name: _hjSessionUser_3337530
Value: eyJpZCI6IjgyMjdiMzZmLTJhZmMtNWVlYi04N2Q0LTAyOTUxNjFhY2U4OCIsImNyZWF0ZWQiOjE2OTcwNzYwNTgzNDQsImV4aXN0aW5nIjp0cnVlfQ==
.igbv-online.de/ Name: _hjAbsoluteSessionInProgress
Value: 1

3 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vr'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy object-src 'self' blob:; default-src 'self' https://customer-portal-api.element.in https://api.element.in; script-src 'self' https://payments-js.element.in https://region1.google-analytics.com https://ajax.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; connect-src 'self' https://translate.google.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://sandbox-api.element.in https://customer-authentication.element.in https://o151972.ingest.sentry.io https://translate.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://astrea.ihr-versicherungsschutz.de https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net data: https://www.google-analytics.com https://customer-portal-api.element.in https://api.element.in https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://*.hotjar.com; font-src 'self' font https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://astrea.ihr-versicherungsschutz.de https://*.hotjar.com; frame-src https://payments-ui.element.in https://sandbox-payments-ui.element.in https://*.hotjar.com; report-uri https://o151972.ingest.sentry.io/api/1217654/security/?sentry_key=f66fe07aa5ce471f94ef413b86146786;
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1;mode=block