urlscan.io logo urlscan.io
SecurityTrails logo

basel-print.secure.roche.com Open in urlscan Pro
2606:4700::6811:5434  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://basel-print.secure.roche.com/
Effective URL: https://basel-print.secure.roche.com/de/
Submission: On March 22 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700::6811:5434, located in United States and belongs to CLOUDFLARENET, US. The main domain is basel-print.secure.roche.com.
TLS certificate: Issued by E1 on March 22nd 2024. Valid for: 3 months.
This is the only time basel-print.secure.roche.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2606:4700::68... 13335 (CLOUDFLAR...)
9 2
Apex Domain
Subdomains		 Transfer
9 roche.com
basel-print.secure.roche.com
121 KB
0 cloudflareinsights.com Failed
static.cloudflareinsights.com Failed
9 2
Domain Requested by
9 basel-print.secure.roche.com 1 redirects basel-print.secure.roche.com
0 static.cloudflareinsights.com Failed basel-print.secure.roche.com
9 2

This site contains no links.

Subject Issuer Validity Valid
basel-print.secure.roche.com
E1		 2024-03-22 -
2024-06-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://basel-print.secure.roche.com/de/
Frame ID: 04F6ED5CAF35C57C9C29515E41199349
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MyQ - Anmeldung

Page URL History Show full URLs

  1. https://basel-print.secure.roche.com/ HTTP 302
    https://basel-print.secure.roche.com/de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Page Statistics

9
Requests

89 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

117 kB
Transfer

326 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://basel-print.secure.roche.com/ HTTP 302
    https://basel-print.secure.roche.com/de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
basel-print.secure.roche.com/de/
Redirect Chain
  • https://basel-print.secure.roche.com/
  • https://basel-print.secure.roche.com/de/
19 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://basel-print.secure.roche.com/de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff4043c3f62bda07ca636dea157cdcc5f7ec9b14f63d4849547949e096e7cc40
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
86854d542f7b35fd-FRA
content-encoding
br
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
content-type
text/html; charset=utf-8
date
Fri, 22 Mar 2024 09:54:44 GMT
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
last-modified
Fri, 22 Mar 2024 09:54:44 GMT
link
</www/css/166/css37554218ba5fb6dd7e17ac1bea4594ddef91c10ca7a397f52c8a70365db7c23a.css>; rel=preload; as=style, </www/js/251/js55ecd6ec3b95ca131314ad51ddc9f160ef91c10ca7a397f52c8a70365db7c23a.js>; rel=preload; as=script
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
86854d52fdc435fd-FRA
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
content-type
text/html; charset=UTF-8
date
Fri, 22 Mar 2024 09:54:44 GMT
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
last-modified
Fri, 22 Mar 2024 09:54:44 GMT
location
https://basel-print.secure.roche.com/de/
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css37554218ba5fb6dd7e17ac1bea4594ddef91c10ca7a397f52c8a70365db7c23a.css
basel-print.secure.roche.com/www/css/166/ 		25 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://basel-print.secure.roche.com/www/css/166/css37554218ba5fb6dd7e17ac1bea4594ddef91c10ca7a397f52c8a70365db7c23a.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1c527bf6d666fd4d2fdff62538c0aea82dad5b867b109fa4d902eefdac2b054
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 22 Mar 2024 09:51:03 GMT
server
cloudflare
etag
W/"6577-6143cc3121088-gzip"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
text/css
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
cf-ray
86854d55a97c35fd-FRA
js55ecd6ec3b95ca131314ad51ddc9f160ef91c10ca7a397f52c8a70365db7c23a.js
basel-print.secure.roche.com/www/js/251/ 		143 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://basel-print.secure.roche.com/www/js/251/js55ecd6ec3b95ca131314ad51ddc9f160ef91c10ca7a397f52c8a70365db7c23a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59c170c24545d841b770e1b3b16ec383a2583b1566b77561d6eafcacbd026e9b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 22 Mar 2024 09:51:03 GMT
server
cloudflare
etag
W/"23d8e-6143cc31281d0-gzip"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
cf-ray
86854d55a98135fd-FRA
prototype.js
basel-print.secure.roche.com/Wsf/Web/js/ 		135 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://basel-print.secure.roche.com/Wsf/Web/js/prototype.js
Requested by
Host: basel-print.secure.roche.com
URL: https://basel-print.secure.roche.com/de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2d5aaaa8a0c2400ee442dd5e000200a7e52335793d346e053ba1c1f9216b79c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 08:25:30 GMT
server
cloudflare
etag
W/"21ce3-611675ecc1280-gzip"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
cf-ray
86854d55a98435fd-FRA
logoEleven.png
basel-print.secure.roche.com/Web/img/ 		2 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basel-print.secure.roche.com/Web/img/logoEleven.png
Requested by
Host: basel-print.secure.roche.com
URL: https://basel-print.secure.roche.com/de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57b407f5ea9f12f8e83bcd5d0092f53940a39a055aa4d1b303e686c245729670
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
content-length
2108
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 08:25:30 GMT
server
cloudflare
etag
"83c-611675ecc1280"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/png
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
86854d55a98735fd-FRA
server-network.png
basel-print.secure.roche.com/Web/img/ 		507 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basel-print.secure.roche.com/Web/img/server-network.png
Requested by
Host: basel-print.secure.roche.com
URL: https://basel-print.secure.roche.com/de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f2d6358a967724e64fc4ae39495ff238e6743b001f68211be7224c58560f966
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
content-length
507
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 08:25:30 GMT
server
cloudflare
etag
"1fb-611675ecc1280"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/png
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
86854d55a98935fd-FRA
key.png
basel-print.secure.roche.com/WSF/UIMods/App/stdSkin/icons/ 		612 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basel-print.secure.roche.com/WSF/UIMods/App/stdSkin/icons/key.png
Requested by
Host: basel-print.secure.roche.com
URL: https://basel-print.secure.roche.com/de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f0ed284afcf94f728410e720ca9ac84107d90a676864c780b0a3ddd70d8e58b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:45 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
content-length
612
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 08:25:30 GMT
server
cloudflare
etag
"264-611675ecc1280"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/png
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
86854d569ac835fd-FRA
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 		0
0
expDown.png
basel-print.secure.roche.com/Wsf/UIMods/App/stdSkin/gfx/ 		144 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basel-print.secure.roche.com/Wsf/UIMods/App/stdSkin/gfx/expDown.png
Requested by
Host: basel-print.secure.roche.com
URL: https://basel-print.secure.roche.com/www/css/166/css37554218ba5fb6dd7e17ac1bea4594ddef91c10ca7a397f52c8a70365db7c23a.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:5434 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f354fe43886bd0cc45bc555e4eed5cd497225ad57ff3667f2276dc66d65089df
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://basel-print.secure.roche.com/www/css/166/css37554218ba5fb6dd7e17ac1bea4594ddef91c10ca7a397f52c8a70365db7c23a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 09:54:45 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
content-length
144
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 08:25:30 GMT
server
cloudflare
etag
"90-611675ecc1280"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/png
x-frame-options
SAMEORIGIN
expect-staple
max-age=86400; includeSubDomains
feature-policy
layout-animations *; legacy-image-formats *; oversized-images *; sync-xhr *; unoptimized-images *; unsized-media *; accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; execution-while-not-rendered 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
permissions-policy
layout-animations=*, legacy-image-formats=*, oversized-images=*, sync-xhr=*, unoptimized-images=*, unsized-media=*, accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), execution-while-not-rendered=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
86854d574bd835fd-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.cloudflareinsights.com
URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Prototype object| Class function| PeriodicalExecuter function| Template object| $break object| Enumerable function| $A function| $w function| $H function| Hash function| $R function| ObjectRange object| Abstract object| Try object| Ajax object| Form object| Field function| $F object| Toggle object| Insertion object| $continue object| Position function| $ function| $$ undefined| Sizzle function| Selector undefined| v boolean| DEBUG object| Wsf function| __extends object| exports function| require object| Wsf_EventsTrait object| Wsf_FocusTrapTrait function| Wsf_OutsideClickDetector object| Wsf_RestoreFocusTrait function| Wsf_App object| g_app object| Wsf_Web_MVC_ControlStateCoder function| Wsf_Ctrls_Control function| Wsf_Ctrls_LayoutStack function| Wsf_Ctrls_LayoutStackH function| Wsf_Ctrls_LayoutFullsize object| Wsf_Web_Vocabulary function| W function| HW function| Wsf_Web_CallServerMethodHandler function| Wsf_Cmd function| Wsf_Web_MVC_CmdUITempl function| Wsf_Web_MVC_BroadcastEventData function| Wsf_EventCmd function| Wsf_Ctrls_View function| Wsf_Ctrls_ViewHtmlGeneric function| Wsf_Ctrls_ViewHtmlDesktop function| Web_ViewLogin function| Web_Login_CtrlLoginForm function| Wsf_Forms_CtrlForm function| Wsf_Ctrls_Html function| Web_Login_FormLogin function| Wsf_Forms_CtrlGroup function| Wsf_Forms_Control function| Wsf_Forms_CtrlComboBox function| Wsf_Forms_CtrlText function| Wsf_Forms_CtrlPassword function| Wsf_Forms_CtrlButton function| Wsf_Ctrls_CmdButton function| Wsf_Ctrls_Menu_CtrlMenu function| Wsf_Ctrls_Tabs3 function| Web_Login_FormPinReset function| Bezier boolean| DEV

3 Cookies

Domain/Path Name / Value
basel-print.secure.roche.com/ Name: PHPSESSID443
Value: 8c243a75dd1abd5469595c5298d66ef7
.secure.roche.com/ Name: __cf_bm
Value: wPC8BWzvzdt4meI_m9buBy9Rd1Q2tM8f3e4RPU4zxNg-1711101284-1.0.1.1-DYETtN0IOQKYVzDTc9ndNXcChr84jfxCrnEHJegpWlo1DMoBaP6yM6_Gu0tI73WkyWabP.Jzs638zLy8IChQ1g
.secure.roche.com/ Name: __cfruid
Value: f1252f74b55484e2eb5ad49f522dd36bfb942e37-1711101284

28 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vr'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'wake-lock'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: sync-xhr, accelerometer, autoplay, camera, display-capture, geolocation, gyroscope, magnetometer, microphone, midi, picture-in-picture, publickey-credentials-get, usb, screen-wake-lock, xr-spatial-tracking. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security error URL: https://basel-print.secure.roche.com/de/
Message:
Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data:; img-src 'self' 'unsafe-inline' data:; connect-src 'self' wss://basel-print.secure.roche.com https://basel-print.secure.roche.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block