buteco.superbexperience.com Open in urlscan Pro
3.65.155.121 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.restaurangcarbon.se/so/7aOqX8WWN/c?w=nvvlXOiaqb-ZdP3lwMvlV-zff8wPNolRSVuUzK9xNMo.eyJ1IjoiaHR0cHM6Ly9idXRlY28uc3VwZXJ...
Effective URL:
https://buteco.superbexperience.com/reserve/experience
Submission: On January 26 via api (January 26th 2024, 7:54:01 am UTC) from BE — Scanned from SE

Summary HTTP 53 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 53 HTTP transactions. The main IP is 3.65.155.121, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is buteco.superbexperience.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 30th 2023. Valid for: a year.

This is the only time buteco.superbexperience.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.149.87.45 34.149.87.45	15169 (GOOGLE) (GOOGLE)
1	3.65.155.121 3.65.155.121	16509 (AMAZON-02) (AMAZON-02)
7	2600:9000:236... 2600:9000:236e:8c00:1a:15c6:ac80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	99.86.4.76 99.86.4.76	16509 (AMAZON-02) (AMAZON-02)
24	35.156.138.213 35.156.138.213	16509 (AMAZON-02) (AMAZON-02)
6	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
4	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
2	44.239.50.116 44.239.50.116	16509 (AMAZON-02) (AMAZON-02)
3	193.67.130.68 193.67.130.68	200596 (ADYEN) (ADYEN)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
53	9

1 34.149.87.45 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 45.87.149.34.bc.googleusercontent.com

www.restaurangcarbon.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.65.155.121 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-155-121.eu-central-1.compute.amazonaws.com

buteco.superbexperience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:236e:8c00:1a:15c6:ac80:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.superbexperience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.86.4.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-76.fra6.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 35.156.138.213 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

api-gx.superbexperience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.239.50.116 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-50-116.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.67.130.68 (Netherlands)

ASN200596 (ADYEN, NL)

checkoutshopper-live.adyen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	superbexperience.com buteco.superbexperience.com s.superbexperience.com api-gx.superbexperience.com — Cisco Umbrella Rank: 782245	1 MB
13	stripe.com js.stripe.com — Cisco Umbrella Rank: 1227 q.stripe.com — Cisco Umbrella Rank: 7010 m.stripe.com — Cisco Umbrella Rank: 1188	154 KB
4	stripe.network m.stripe.network — Cisco Umbrella Rank: 1315	32 KB
3	adyen.com checkoutshopper-live.adyen.com — Cisco Umbrella Rank: 16623	112 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	50 KB
1	restaurangcarbon.se 1 redirects www.restaurangcarbon.se	536 B
53	6

	Domain	Requested by
24	api-gx.superbexperience.com	s.superbexperience.com
7	s.superbexperience.com	buteco.superbexperience.com s.superbexperience.com
6	q.stripe.com	buteco.superbexperience.com
5	js.stripe.com	buteco.superbexperience.com js.stripe.com
4	m.stripe.network	js.stripe.com m.stripe.network
3	checkoutshopper-live.adyen.com	s.superbexperience.com
2	m.stripe.com	m.stripe.network
1	www.googletagmanager.com	buteco.superbexperience.com
1	buteco.superbexperience.com
1	www.restaurangcarbon.se	1 redirects
53	10

This site contains no links.

Subject Issuer	Validity	Valid
*.superbexperience.com Amazon RSA 2048 M02	`2023-12-30` - `2025-01-27`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-01-02` - `2024-04-04`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-12-20` - `2024-03-21`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-22` - `2024-03-21`	3 months	crt.sh
*.adyen.com GeoTrust TLS RSA CA G1	`2024-01-11` - `2025-02-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://buteco.superbexperience.com/reserve/experience
Frame ID: 3DAF5F6C0090FA1C65DA8446D1B2096F
Requests: 25 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: E58B5051C6CC91F0EE97EB14FEE9A04F
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: C8B9E2D3BBF380ABCC90EF9E64C00EA7
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 8B551CEC040CF4847026CEB236F3D8FC
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 15A5CF55B75E637F589004C6C53A0214
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Buteco

Page URL History Show full URLs

https://www.restaurangcarbon.se/so/7aOqX8WWN/c?w=nvvlXOiaqb-ZdP3lwMvlV-zff8wPNolRSVuUzK9xNMo.eyJ1IjoiaHR0cHM... HTTP 302
https://buteco.superbexperience.com/reserve/experience Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Page Statistics

53
Requests

100 %
HTTPS

20 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1655 kB
Transfer

5032 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.restaurangcarbon.se/so/7aOqX8WWN/c?w=nvvlXOiaqb-ZdP3lwMvlV-zff8wPNolRSVuUzK9xNMo.eyJ1IjoiaHR0cHM6Ly9idXRlY28uc3VwZXJiZXhwZXJpZW5jZS5jb20vcmVzZXJ2ZS9leHBlcmllbmNlIiwiciI6IjFlYjRiOGE4LTVlMzYtNGQ1OS1hMWYxLTI2YTRhN2M4MDhkYSIsIm0iOiJtYWlsIiwiYyI6IjQxMzA2YzEwLWUxYzAtNGM1OC1iZDI4LWQyZDhlM2MwZTkxZiJ9 HTTP 302
https://buteco.superbexperience.com/reserve/experience Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request experience Show response
buteco.superbexperience.com/reserve/
Redirect Chain

https://www.restaurangcarbon.se/so/7aOqX8WWN/c?w=nvvlXOiaqb-ZdP3lwMvlV-zff8wPNolRSVuUzK9xNMo.eyJ1IjoiaHR0cHM6Ly9idXRlY28uc3VwZXJiZXhwZXJpZW5jZS5jb20vcmVzZXJ2ZS9leHBlcmllbmNlIiwiciI6IjFlYjRiOGE4LTVl...
https://buteco.superbexperience.com/reserve/experience

4 KB
2 KB

319ms
74ms

Document
text/html

3.65.155.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buteco.superbexperience.com/reserve/experience
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.155.121 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-155-121.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fdacd504cc78f308c4dc30fcf8b54aa78c6930c1bb37107d645e563929c52e2b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 26 Jan 2024 07:53:56 GMT
ETag: W/"65a58011-10a8"
Last-Modified: Mon, 15 Jan 2024 18:57:21 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 26 Jan 2024 07:53:55 GMT
location: https://buteco.superbexperience.com/reserve/experience
server: Pepyaka/1.21.6
strict-transport-security: max-age=300
via: 1.1 google
x-cache: MISS
x-content-type-options: nosniff
x-seen-by: yvSunuo/8ld62ehjr5B7kA==,GilIRCy+Ky2nI9KZaDKzWLxkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLlE5ByQns6DUljTJazv+2SeLmllC79dLg9RqGdr3j4eT,jdDt270t0fniy2BugWKBrU3OE61EDQZeR1plBlOOXk+MjR0PX5S3B0ZSqRcMKgN+eUUncWBa28DjQf5U4+f4eA==,CQVH3DMyEuJG8Mm3rwj60PQsuDEMMsaf//NyJKmz4NQ=,+cKRfFlcw7JiIZkZkOORPl1+M48IUdJHiWp8d5dYGfs=
x-served-by: cache-lcy-eglc8600045-LCY
x-wix-request-id: 1706255635.4544953189616113853

GET
H2 200 2.b8523d03.chunk.css
s.superbexperience.com/static/css/ 150 KB
63 KB 258ms
77ms Stylesheet
text/css 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/css/2.b8523d03.chunk.css
Requested by: Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 79f3798d9b4236dadadef59a0b21152664b861b049ded8daaeeef0db9fcc0808

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:27:34 GMT
content-encoding: gzip
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 1589
etag: W/"65a5800e-25839"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
x-amz-cf-id: ZKbGagv1z1EEvMrBtthmGGdOimbBx8iy9v7FpJkqfmzBrE8s_RuY6w==
expires: Fri, 26 Jan 2024 08:27:27 GMT

GET
H2 200 main.5ffe81c7.chunk.css
s.superbexperience.com/static/css/ 140 KB
31 KB 270ms
88ms Stylesheet
text/css 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Requested by: Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c12e614a266663a2b447731e32ebc0de6f577619c359586e12a63ef511ca32c1

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:30:38 GMT
content-encoding: gzip
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 1424
etag: W/"65a5800e-22e4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
x-amz-cf-id: t27-at_sPf0Ud7LPp8oyOef8D-xsrKG0RDZh5O4Yu_8Fodrv2UVUxw==
expires: Fri, 26 Jan 2024 08:30:12 GMT

GET
H2 200 2.a855d7de.chunk.js Show response
s.superbexperience.com/static/js/ 2 MB
617 KB 318ms
136ms Script
application/javascript 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js
Requested by: Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8b69f61fa0038c48555fdf3d2e7dcc84018e17bd720bf50a17fdaf3e190c9442

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:00:39 GMT
content-encoding: gzip
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 3210
etag: W/"65a5800e-1f57dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
x-amz-cf-id: GgOLT2KyL9ltCcc-4hjq1ha7bT-pduC4JMtEAMATx0sTuyk8h6ga4w==
expires: Fri, 26 Jan 2024 08:00:26 GMT

GET
H2 200 main.8fd0d6f2.chunk.js Show response
s.superbexperience.com/static/js/ 1 MB
460 KB 394ms
213ms Script
application/javascript 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/js/main.8fd0d6f2.chunk.js
Requested by: Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f0663ce474ec95ed66d605acae8e26e3ca161095c9d4a363bb7bc39df83d5d5b

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:39:28 GMT
content-encoding: gzip
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 891
etag: W/"65a5800e-13a8bf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
x-amz-cf-id: DgWHQAuQp7Dqi0BoirzdPTcBtQql9vSk6WNjk33T48APnKpykaPpAg==
expires: Fri, 26 Jan 2024 08:39:05 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 587 KB
145 KB 261ms
84ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

2612d016805ef4e96d3bea84c18e7f331fff68410e1bda833b1dfc2dcc980945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:53:00 GMT
content-encoding: br
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 57
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
last-modified: Thu, 25 Jan 2024 21:44:20 GMT
server: Cloudfront
etag: W/"2fc7302b4db78c940f622b1b563e28b8"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: eO3Ni0tMh6CVL_dq3Wq38y_pbLdBRBL-Ovr0JVKVf0L9BOam27YfWw==

OPTIONS
H2 204 buteco
api-gx.superbexperience.com/restaurant/ Frame 0
0 295ms
107ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/restaurant/buteco

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:57 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 payment-settings
api-gx.superbexperience.com/restaurant/buteco/ Frame 0
0 294ms
107ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/restaurant/buteco/payment-settings

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:57 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 buteco Show response
api-gx.superbexperience.com/restaurant/ 4 KB
4 KB 215ms
76ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/restaurant/buteco

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

85af3a5f1bfa9240c6c0694237a69775992174c402dc55180f7335c8e167eed4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:57 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 3937
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 payment-settings Show response
api-gx.superbexperience.com/restaurant/buteco/ 908 B
2 KB 219ms
79ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/restaurant/buteco/payment-settings

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

bff68575494d6a71fa69fb3894d84e9b8cda5bc9484667f2ba357aa76486dd6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:57 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 908
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 CircularStd-Book.ed76eb21.woff
s.superbexperience.com/static/media/ 34 KB
34 KB 215ms
79ms Font
font/woff 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/media/CircularStd-Book.ed76eb21.woff
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c5d6ace53f93eacfce87c48f1d49c03d2961fa69b7c19af3cdecef70fe52e777

Request headers

Referer: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Origin: https://buteco.superbexperience.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:53:57 GMT
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 1905
etag: "65a5800e-87b4"
x-cache: Hit from cloudfront
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 34740
x-amz-cf-id: otxAyzQyUe9z_mQmx8TNf3BQvayExA94XfCQkVJFo6-Owg3H_bQPvA==
expires: Fri, 26 Jan 2024 08:22:12 GMT

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame E58B 200 B
1 KB 73ms
73ms Document
text/html 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://buteco.superbexperience.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 896
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Fri, 26 Jan 2024 07:39:02 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 19 Jan 2024 21:19:51 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-amz-cf-id: 5Jvb_TAohi1n0xDztAqYyMnaMlaed1L1faPuoNbX8X6dyxK5TE9Crw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame C8B9 200 B
1 KB 73ms
73ms Document
text/html 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://buteco.superbexperience.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 896
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Fri, 26 Jan 2024 07:39:02 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 19 Jan 2024 21:19:51 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-amz-cf-id: a0Y1Cq-_f8n5ukuS20CQIx3RiLjqdeDDriEBrh6YrLDTn6eC6Kg4oA==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame E58B 526 B
1 KB 73ms
73ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:39:02 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 895
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
content-length: 526
last-modified: Wed, 24 Jan 2024 21:59:18 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: AULc5ySZ0kIRG6lPuETR8f6epchV2ncfyNeaBrZV5_vAlv32HH6mBA==

POST
H2 200 csp-report
q.stripe.com/ Frame E58B 0
718 B 1683ms
834ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255638571605
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706255638571161
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame E58B 0
717 B 2527ms
1678ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255639414367
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706255639413635
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame C8B9 526 B
1 KB 74ms
74ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:39:02 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 895
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
content-length: 526
last-modified: Wed, 24 Jan 2024 21:59:18 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: mAUpoUl5CfL6NXElVVqCWOVVJ7bSLyoY4QAEwo8GyYnIQVSayC5Y2w==

POST
H2 200 csp-report
q.stripe.com/ Frame C8B9 0
717 B 2524ms
1686ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255639413982
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706255639413630
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame C8B9 0
717 B 2517ms
1679ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255639413943
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706255639413649
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 8B55 930 B
636 B 123ms
36ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

accept-ranges: bytes
age: 252
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Fri, 26 Jan 2024 07:53:57 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 130
x-content-type-options: nosniff
x-request-id: b51a6912-17e4-4bbe-8929-99cd0ea7a176
x-served-by: cache-bma1632-BMA
x-timer: S1706255637.233423,VS0,VE0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 15A5 930 B
1 KB 109ms
35ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

accept-ranges: bytes
age: 252
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Fri, 26 Jan 2024 07:53:57 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 129
x-content-type-options: nosniff
x-request-id: 9f21ba32-861a-4d31-8097-87e6cec26bbe
x-served-by: cache-bma1632-BMA
x-timer: S1706255637.233196,VS0,VE0

POST
H2 200 csp-report
q.stripe.com/ Frame 15A5 0
491 B 2344ms
1693ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255639414590
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 1
x-stripe-client-envoy-start-time-us: 1706255639413654
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 15A5 87 KB
15 KB 35ms
35ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Fri, 26 Jan 2024 07:53:57 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 291
x-cache: HIT
content-length: 15509
x-request-id: ebca3eff-fcbc-4cf6-9f4b-1dbc8a6fbd2f
x-served-by: cache-bma1632-BMA
server: Fastly
x-timer: S1706255637.271636,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 147

POST
H2 200 csp-report
q.stripe.com/ Frame 8B55 0
491 B 2343ms
1694ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255639414261
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 1
x-stripe-client-envoy-start-time-us: 1706255639413641
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 8B55 87 KB
15 KB 40ms
40ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Fri, 26 Jan 2024 07:53:57 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 291
x-cache: HIT
content-length: 15509
x-request-id: 20af5190-cb6a-4bd4-b14c-6851d024226f
x-served-by: cache-bma1632-BMA
server: Fastly
x-timer: S1706255637.273668,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 148

POST
H2 200 6 Show response
m.stripe.com/ Frame 15A5 156 B
669 B 1717ms
881ms XHR
application/json 44.239.50.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.50.116 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-50-116.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

b27c26c90a1f33a898347ddbf10f949523ed9077a44e09c72c5e599ba15cd316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Fri, 26 Jan 2024 07:53:58 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255638885473
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1706255638885296
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 6 Show response
m.stripe.com/ Frame 8B55 156 B
670 B 1659ms
835ms XHR
application/json 44.239.50.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.50.116 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-50-116.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

932e5c2f55748b99147bc8cc74f20d3ef449353b3af8c72b9afa5479137b812c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Fri, 26 Jan 2024 07:53:58 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706255638839495
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1706255638838864
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 features Show response
api-gx.superbexperience.com/ 2 KB
2 KB 72ms
72ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/features?restaurantId=6347c9b161ec1b001397d372

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

c9754140ecbb8bc6326be10ae2d7f62197654f9737c7c5dfe37460c906573d95

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:57 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 1818
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

OPTIONS
H2 204 features
api-gx.superbexperience.com/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/features?restaurantId=6347c9b161ec1b001397d372

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:57 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H/1.1 200 adyen.css
checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.8.0/ 48 KB
9 KB 206ms
67ms Stylesheet
text/css 193.67.130.68
ADYEN

General

Check archive.org

Show headers Download Go to

Full URL: https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.8.0/adyen.css
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.67.130.68 , Netherlands, ASN200596 (ADYEN, NL),
Reverse DNS
Software: /
Resource Hash: f388ff77afb92793c031a2cdc920dad272234bd513929d6f442f53aae16bda9a

Request headers

Referer: https://buteco.superbexperience.com/
Origin: https://buteco.superbexperience.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Fri, 26 Jan 2024 07:53:57 GMT
content-encoding: gzip
traceparent: 00-b7f1361db0bf2a9b866842ed67b91742-8d9388eb5561452a-01
Transfer-Encoding: chunked
Content-Type: text/css;charset=UTF8
access-control-allow-origin: *
Cache-Control: max-age=600
cross-origin-resource-policy: cross-origin

GET
H/1.1 200 checkoutSecuredFields.1.3.0.min.js Show response
checkoutshopper-live.adyen.com/checkoutshopper/assets/js/sdk/ 15 KB
6 KB 219ms
72ms Script
text/javascript 193.67.130.68
ADYEN

General

Check archive.org

Show headers Download Go to

Full URL: https://checkoutshopper-live.adyen.com/checkoutshopper/assets/js/sdk/checkoutSecuredFields.1.3.0.min.js
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.67.130.68 , Netherlands, ASN200596 (ADYEN, NL),
Reverse DNS
Software: /
Resource Hash: db4e7bc52a8f421e6937bd8bcf3c9d867bc7fdf0bf1da018007928978eb108f4

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Fri, 26 Jan 2024 07:53:56 GMT
Cache-Control: max-age=600
content-encoding: gzip
cross-origin-resource-policy: cross-origin
traceparent: 00-ecd0b4df5ab0c79d7ff7a414ebf964e9-81e8440ca1d95fcf-01
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF8

GET
H/1.1 200 adyen.js Show response
checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.8.0/ 393 KB
98 KB 294ms
148ms Script
text/javascript 193.67.130.68
ADYEN

General

Check archive.org

Show headers Download Go to

Full URL: https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.8.0/adyen.js
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.67.130.68 , Netherlands, ASN200596 (ADYEN, NL),
Reverse DNS
Software: /
Resource Hash: 0d6e8bced7dcdb5838dc874c944ac9a1a25d1fd44f1d4083d2b4808bcf73c12b

Request headers

Referer: https://buteco.superbexperience.com/
Origin: https://buteco.superbexperience.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Fri, 26 Jan 2024 07:53:56 GMT
content-encoding: gzip
traceparent: 00-23e7af29cd257632bbecc206254a7b2e-e4e0be3837702a78-01
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF8
access-control-allow-origin: *
Cache-Control: max-age=600
cross-origin-resource-policy: cross-origin

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 130 KB
50 KB 221ms
80ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W8V8TSZW&l=BookingInfo&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: buteco.superbexperience.com
URL: https://buteco.superbexperience.com/reserve/experience

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f354f6f20e60290dc17885131dd921b23ed765f297410aab06f271e184a5c79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://buteco.superbexperience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:53:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50850
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 26 Jan 2024 07:53:57 GMT

OPTIONS
H2 204 meal
api-gx.superbexperience.com/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/meal?restaurant=6347c9b161ec1b001397d372&sort=order

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 content
api-gx.superbexperience.com/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/content?type=booking_flow&restaurant=6347c9b161ec1b001397d372

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 experience
api-gx.superbexperience.com/ Frame 0
0 75ms
75ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/experience?restaurant=6347c9b161ec1b001397d372&q=%7B%22active%22:true,%22deleted%22:false,%22private%22:true%7D&sort=order+_id

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 check-login
api-gx.superbexperience.com/ Frame 0
0 742ms
742ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/check-login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:59 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 guests
api-gx.superbexperience.com/availability/ Frame 0
0 259ms
259ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 dish
api-gx.superbexperience.com/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/dish?restaurant=6347c9b161ec1b001397d372&q=%7B%22active%22:true,%22deleted%22:false,%22$or%22:[%7B%22experiences%22:[]%7D]%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 meal Show response
api-gx.superbexperience.com/ 230 B
870 B 77ms
75ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/meal?restaurant=6347c9b161ec1b001397d372&sort=order

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

539eab260c7aed2b00d3c20f01d9878d49117bd717eb88de01b6082d5ecfe18d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 230
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 content Show response
api-gx.superbexperience.com/ 766 B
1 KB 80ms
79ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/content?type=booking_flow&restaurant=6347c9b161ec1b001397d372

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

44a5c3e53fcbeae22e4be24b4537fae1b64066510ba5d46f86ade5ab1f968448

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 766
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 experience Show response
api-gx.superbexperience.com/ 1 KB
2 KB 80ms
80ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/experience?restaurant=6347c9b161ec1b001397d372&q=%7B%22active%22:true,%22deleted%22:false,%22private%22:true%7D&sort=order+_id

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

641a08f44670322e0b6a78e38b461006c9b3e093e1bf7e3e91477186aa6a1082

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 1385
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 401 check-login Show response
api-gx.superbexperience.com/ 66 B
720 B 72ms
72ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/check-login

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

44040ff8e4eae235dfa45407956e41da1d0841c3765b779217de64c69cdcd3d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 66
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 guests Show response
api-gx.superbexperience.com/availability/ 41 B
680 B 88ms
88ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

4d7850a4e5c940b19e7e01e130895d429f2653081374103344f3d848b3f00b94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 41
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 dish Show response
api-gx.superbexperience.com/ 26 B
665 B 78ms
77ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/dish?restaurant=6347c9b161ec1b001397d372&q=%7B%22active%22:true,%22deleted%22:false,%22$or%22:[%7B%22experiences%22:[]%7D]%7D

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

b35b9264b97e135fed319953849ce5e95241f2e836f10e9a73bb7c9689113dba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 26
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 CircularStd-Medium.bb9a359a.woff
s.superbexperience.com/static/media/ 41 KB
41 KB 79ms
79ms Font
font/woff 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/media/CircularStd-Medium.bb9a359a.woff
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6e284f7fc745830773d503970185e9f1e62b8554744b7d7488f683a09188d2b3

Request headers

Referer: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Origin: https://buteco.superbexperience.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 1906
etag: "65a5800e-a360"
x-cache: Hit from cloudfront
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 41824
x-amz-cf-id: ec5O8vx7k4IsXnSH_Dy0btAXAhmCkxVJXD5gjNLVAQjv_auLwaC4qQ==
expires: Fri, 26 Jan 2024 08:22:12 GMT

GET
H2 200 CircularStd-Bold.1ced22ee.woff
s.superbexperience.com/static/media/ 41 KB
42 KB 106ms
106ms Font
font/woff 2600:9000:236e:8c00:1a:15c6:ac80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.superbexperience.com/static/media/CircularStd-Bold.1ced22ee.woff
Requested by: Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:1a:15c6:ac80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8c5ad68e3f7b8e03f786831956c442002e87015ec38103ec855981c23e6d685c

Request headers

Referer: https://s.superbexperience.com/static/css/main.5ffe81c7.chunk.css
Origin: https://buteco.superbexperience.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront)
last-modified: Mon, 15 Jan 2024 18:57:18 GMT
x-amz-cf-pop: FRA60-P1
age: 1904
etag: "65a5800e-a59c"
x-cache: Hit from cloudfront
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=3600, public, max-age: 3600
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 42396
x-amz-cf-id: hnAIFlYBkoOdqsezLPYYNtEIadfnCJkENZF7059QH9sVOVeVR9hcWQ==
expires: Fri, 26 Jan 2024 08:22:14 GMT

OPTIONS
H2 204 guests
api-gx.superbexperience.com/availability/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=6347d6ccfcaa5a00134d13dc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 guests
api-gx.superbexperience.com/availability/ Frame 0
0 74ms
74ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=6347d6ea72d1220014919254

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 guests Show response
api-gx.superbexperience.com/availability/ 41 B
680 B 868ms
867ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=6347d6ccfcaa5a00134d13dc

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

4d35ee62244c04b958f4e0bab32affee775a2212cdc92a7eff705b19ce195606

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 41
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

OPTIONS
H2 204 guests
api-gx.superbexperience.com/availability/ Frame 0
0 75ms
75ms Preflight 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=65b0ec56b4b3dc001caa145c

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: client-identifier,utc
Access-Control-Request-Method: GET
Origin: https://buteco.superbexperience.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: client-identifier,utc
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: https://buteco.superbexperience.com
access-control-allow-private-network: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Fri, 26 Jan 2024 07:53:58 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 guests Show response
api-gx.superbexperience.com/availability/ 41 B
680 B 97ms
96ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=6347d6ea72d1220014919254

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

4d35ee62244c04b958f4e0bab32affee775a2212cdc92a7eff705b19ce195606

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:58 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 41
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 guests Show response
api-gx.superbexperience.com/availability/ 41 B
680 B 1094ms
1094ms XHR
application/json 35.156.138.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-gx.superbexperience.com/availability/guests?restaurant=6347c9b161ec1b001397d372&experience=65b0ec56b4b3dc001caa145c

Requested by

Host: s.superbexperience.com
URL: https://s.superbexperience.com/static/js/2.a855d7de.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.138.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-156-138-213.eu-central-1.compute.amazonaws.com

Software

Resource Hash

ae85bd7c6fbf0b944f93ed70cdf62e97ce4c2775a5733b422af9cd02da1bd0b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
client-identifier: web-gx
Referer: https://buteco.superbexperience.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
utc: true

Response headers

date: Fri, 26 Jan 2024 07:53:59 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
access-control-allow-private-network: true
x-dns-prefetch-control: off
content-length: 41
x-xss-protection: 0
x-served-by: superb
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json
access-control-allow-origin: https://buteco.superbexperience.com
x-download-options: noopen
access-control-allow-credentials: true

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.buteco.superbexperience.com/	1970-01-21 02:43:11	Name: __stripe_mid Value: ca653996-b3a5-48cb-8703-dabe9d4400e09ff9bb
.buteco.superbexperience.com/	1970-01-20 17:57:37	Name: __stripe_sid Value: e71cfeb0-3e4e-46b6-98e8-a698d849fba06a58d3
m.stripe.com/	1970-01-21 03:33:35	Name: m Value: 1daab057-8a60-47bd-8891-d9c76b68270df1c8e9
buteco.superbexperience.com/	1970-01-20 17:57:36	Name: _dd_s Value: logs=0&expire=1706256536966

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
network	error	URL: https://api-gx.superbexperience.com/check-login Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-gx.superbexperience.com
buteco.superbexperience.com
checkoutshopper-live.adyen.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
s.superbexperience.com
www.googletagmanager.com
www.restaurangcarbon.se
151.101.192.176
193.67.130.68
2600:9000:236e:8c00:1a:15c6:ac80:93a1
2a00:1450:4001:810::2008
3.65.155.121
34.149.87.45
35.156.138.213
44.239.50.116
54.186.23.98
99.86.4.76
0d6e8bced7dcdb5838dc874c944ac9a1a25d1fd44f1d4083d2b4808bcf73c12b
2612d016805ef4e96d3bea84c18e7f331fff68410e1bda833b1dfc2dcc980945
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3f354f6f20e60290dc17885131dd921b23ed765f297410aab06f271e184a5c79
44040ff8e4eae235dfa45407956e41da1d0841c3765b779217de64c69cdcd3d5
44a5c3e53fcbeae22e4be24b4537fae1b64066510ba5d46f86ade5ab1f968448
4d35ee62244c04b958f4e0bab32affee775a2212cdc92a7eff705b19ce195606
4d7850a4e5c940b19e7e01e130895d429f2653081374103344f3d848b3f00b94
539eab260c7aed2b00d3c20f01d9878d49117bd717eb88de01b6082d5ecfe18d
641a08f44670322e0b6a78e38b461006c9b3e093e1bf7e3e91477186aa6a1082
6e284f7fc745830773d503970185e9f1e62b8554744b7d7488f683a09188d2b3
79f3798d9b4236dadadef59a0b21152664b861b049ded8daaeeef0db9fcc0808
85af3a5f1bfa9240c6c0694237a69775992174c402dc55180f7335c8e167eed4
8b69f61fa0038c48555fdf3d2e7dcc84018e17bd720bf50a17fdaf3e190c9442
8c5ad68e3f7b8e03f786831956c442002e87015ec38103ec855981c23e6d685c
932e5c2f55748b99147bc8cc74f20d3ef449353b3af8c72b9afa5479137b812c
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
ae85bd7c6fbf0b944f93ed70cdf62e97ce4c2775a5733b422af9cd02da1bd0b3
b27c26c90a1f33a898347ddbf10f949523ed9077a44e09c72c5e599ba15cd316
b35b9264b97e135fed319953849ce5e95241f2e836f10e9a73bb7c9689113dba
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bff68575494d6a71fa69fb3894d84e9b8cda5bc9484667f2ba357aa76486dd6c
c12e614a266663a2b447731e32ebc0de6f577619c359586e12a63ef511ca32c1
c5d6ace53f93eacfce87c48f1d49c03d2961fa69b7c19af3cdecef70fe52e777
c9754140ecbb8bc6326be10ae2d7f62197654f9737c7c5dfe37460c906573d95
db4e7bc52a8f421e6937bd8bcf3c9d867bc7fdf0bf1da018007928978eb108f4
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0663ce474ec95ed66d605acae8e26e3ca161095c9d4a363bb7bc39df83d5d5b
f388ff77afb92793c031a2cdc920dad272234bd513929d6f442f53aae16bda9a
fdacd504cc78f308c4dc30fcf8b54aa78c6930c1bb37107d645e563929c52e2b

buteco.superbexperience.com Open in urlscan Pro 3.65.155.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

53 Requests

100 %HTTPS

20 %IPv6

6 Domains

10 Subdomains

9 IPs

3 Countries

1655 kBTransfer

5032 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

buteco.superbexperience.com Open in urlscan Pro
3.65.155.121 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

20 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1655 kB
Transfer

5032 kB
Size

4
Cookies

53 HTTP transactions
0 data transactions