urlscan.io logo urlscan.io
SecurityTrails logo

demo.webfant.io Open in urlscan Pro
86.109.17.133  Public Scan

Go To Rescan Add Verdict Report
URL: https://demo.webfant.io/
Submission: On November 27 via api from US — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 27 HTTP transactions. The main IP is 86.109.17.133, located in Netherlands and belongs to CLDIN-NL CLDIN B.V., NL. The main domain is demo.webfant.io.
TLS certificate: Issued by R10 on November 27th 2024. Valid for: 3 months.
This is the only time demo.webfant.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 86.109.17.133 48635 (CLDIN-NL ...)
9 104.22.45.142 13335 (CLOUDFLAR...)
1 142.250.184.195 15169 (GOOGLE)
2 172.67.15.14 13335 (CLOUDFLAR...)
27 4
Apex Domain
Subdomains		 Transfer
15 webfant.io
demo.webfant.io
349 KB
11 tawk.to
embed.tawk.to — Cisco Umbrella Rank: 11098
va.tawk.to — Cisco Umbrella Rank: 10657
176 KB
1 gstatic.com
fonts.gstatic.com
12 KB
27 3
Domain Requested by
15 demo.webfant.io demo.webfant.io
8 embed.tawk.to demo.webfant.io
embed.tawk.to
3 va.tawk.to embed.tawk.to
1 fonts.gstatic.com demo.webfant.io
27 4

This site contains no links.

Subject Issuer Validity Valid
m2pwa.webfant.io
R10		 2024-11-27 -
2025-02-25		 3 months crt.sh
tawk.to
WE1		 2024-11-19 -
2025-02-17		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://demo.webfant.io/
Frame ID: 845F48C7EAEA01DFEA0D2288639EA03C
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

RIPCA B.V. - Internationale leverancier van kabels en connectoren sinds 1902

Detected technologies

Overall confidence: 100%
Detected patterns
  • //embed\.tawk\.to

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

538 kB
Transfer

1209 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
demo.webfant.io/ 		184 KB
50 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
c94a4c97de080beeeb20b737162270934abc14b394309041b8c6b2b494579126
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
0
cache-control
max-age=82800, public, s-maxage=82800
content-encoding
gzip
content-length
45372
content-security-policy-report-only
font-src *.googleapis.com *.gstatic.com *.webwinkelkeur.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.google.nl *.webwinkelkeur.nl *.usercentrics.eu img.sct.eu1.usercentrics.eu bat.bing.net bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Wed, 27 Nov 2024 23:43:58 GMT
expires
Thu, 28 Nov 2024 22:43:58 GMT
pragma
cache
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-built-with
Hyva Themes
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-lb-backend
bk_http_cache
x-lb-frontend
fr_http_https
x-lb-server
pea.magehost.pro
x-magento-tags
cms_b_information_block,cms_b_footer_content,store,cms_b,cms_p_2,cms_b_message_block,CMS_BLOCK_footer_content,CMS_BLOCK_footer_content_1
x-realserver
pea.magehost.pro
x-robots-tag
noindex, nofollow, noarchive, nosnippet
x-ua-compatible
IE=edge
x-varnish
360477
x-xss-protection
1; mode=block
styles.css
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/css/ 		179 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/css/styles.css
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
b022b6b2e9d98e658c9af5a3c6b875f041c7b9d1e31921e7972cf36aa9ef1fd1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
content-encoding
gzip
etag
"572944f-2ca37-627bbd09d5222-gzip"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
557079
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
vary
Accept-Encoding
content-type
text/css
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
28477
x-lb-frontend
fr_http_https
Lato-Black.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/black/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/black/Lato-Black.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
f8e767c2e76c5570169d408b513f577c6f6aca4c9174d3f58072a7bf18942425
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"57294a5-6b3c-627bbd09d8101"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
360480
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
27452
x-lb-frontend
fr_http_https
Lato-Bold.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/bold/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/bold/Lato-Bold.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
cf18327c8145000edb04816441d02b3833f3c020de202316abea17185dd2c85b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"57294aa-6c9c-627bbd09d90a1"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
491549
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
27804
x-lb-frontend
fr_http_https
Lato-BoldItalic.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-BoldItalic/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-BoldItalic/Lato-BoldItalic.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
98623b029816352ad581331bd1164dff03166991eadbd8c48c13190199367b2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"5729491-7408-627bbd09d7162"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
327688
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
29704
x-lb-frontend
fr_http_https
Lato-Italic.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Italic/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Italic/Lato-Italic.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
b98d4e5f6dfaa6acad377714cb8f766bb4b3fba57645ca81c725fe1fa541705e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"5729496-7398-627bbd09d7162"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
294923
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
29592
x-lb-frontend
fr_http_https
Lato-LightItalic.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-LightItalic/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-LightItalic/Lato-LightItalic.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
cee11f066e712c8235c9f9f44977f60a5eb926af3c9ae269a22bc348e3284d93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"572949b-534c-627bbd09d7162"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
32901
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
21324
x-lb-frontend
fr_http_https
Lato-Thin.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Thin/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Thin/Lato-Thin.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
6bb54f65af17a5f07042ea512772ec498f9fa264f039c767724294a42566eca4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"57294a0-6610-627bbd09d8101"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
163851
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
26128
x-lb-frontend
fr_http_https
Lato-Light.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/light/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/light/Lato-Light.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
d4f1e55a5d27beb98b401db33e64d29d0a91cd36dd3246b80771b5c31ceed2de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"57294af-6c98-627bbd09d90a1"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
589829
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
27800
x-lb-frontend
fr_http_https
Lato-Regular.woff2
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/regular/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/regular/Lato-Regular.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
2b77bcd1b4117373d5eb9270517693dbbae13a8413895119a5d47fccabf06b58
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"57294b4-6f28-627bbd09d90a1"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
425992
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
application/font-woff2
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
28456
x-lb-frontend
fr_http_https
logo.svg
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/ 		6 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/logo.svg
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
7345741478427c9e4e8d8d7602ec0c6276553836a126360d52c9863b838614b6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
content-encoding
gzip
etag
"56eaec1-162e-627bbcffe5364-gzip"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
393221
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:22 GMT
vary
Accept-Encoding
content-type
image/svg+xml
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2488
x-lb-frontend
fr_http_https
NL.png
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/ 		153 B
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/NL.png
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
d97c112fb788dbb7a78b9b252dd7a82bbb49987b3b32bfdb5e7892e11224e12b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"5729458-99-627bbd09d5222"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:59 GMT
x-varnish
458757
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:59 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
image/png
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
153
x-lb-frontend
fr_http_https
EN.png
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/ 		973 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/images/EN.png
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
c49880b3face9f2fda44c091322c4106e331fc78f39f74138afc2355db3b762d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"5729454-3cd-627bbd09d5222"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:59 GMT
x-varnish
557082
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:59 GMT
last-modified
Mon, 25 Nov 2024 12:24:32 GMT
content-type
image/png
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
973
x-lb-frontend
fr_http_https
alpine3.min.js
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/Hyva_Theme/js/ 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/Hyva_Theme/js/alpine3.min.js
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
78f4007773caa52f8d9d9a997387c92f979ecef0484bf88a2d6fea889635cdcc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
content-encoding
gzip
etag
"572ae1f-a417-627bbd0a7d19b-gzip"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:58 GMT
x-varnish
622594
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:58 GMT
last-modified
Mon, 25 Nov 2024 12:24:33 GMT
vary
Accept-Encoding
content-type
application/javascript
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
15317
x-lb-frontend
fr_http_https
1hh2cjj86
embed.tawk.to/6571dda4ff45ca7d4787eac3/ 		2 KB
1013 B 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e5a5853f1970950cd9a715298ae7dbab847eeec1be3ec3fc5c548a4f3219bf4
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=7200, s-maxage=3600
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"stable-v4-67354992019"
x-content-type-options
nosniff
cf-ray
8e95fbca3c351ca6-AMS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/x-javascript
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/titilliumweb/v17/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
Requested by
Host: demo.webfant.io
URL: https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/css/styles.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f3.1e100.net
Software
sffe /
Resource Hash
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

age
29447
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 27 Nov 2025 15:33:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 27 Nov 2024 15:33:12 GMT
last-modified
Thu, 24 Aug 2023 20:30:13 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
12372
x-xss-protection
0
server
sffe
twk-main.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		121 B
382 B 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-main.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"da5bb1dc647470204df0e49f5afac2de"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dbd1ca6-AMS
access-control-allow-origin
*
server
cloudflare
twk-vendor.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		81 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-vendor.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548669d6434f5204dca25b9a6f8a02f63301b8c1b58a717b91fec8b6c2918305
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"3b341e35b39f6195793ecaf5db7c1d63"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dbf1ca6-AMS
access-control-allow-origin
*
server
cloudflare
twk-chunk-vendors.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		212 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-vendors.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194c4fa82fa9bf5897963b335fddcfdb462fe898cafbe8b2eb72a9803f2db05f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"77a40166698f808a0942865537165b0f"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dc11ca6-AMS
access-control-allow-origin
*
server
cloudflare
twk-chunk-common.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		223 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b17f212fc06e1cde0574bdd1ee89d507461f5777e3039c725dbb40b5ebb3f192
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ae0a97d1265892fc012190aa72881581"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dc31ca6-AMS
access-control-allow-origin
*
server
cloudflare
twk-runtime.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-runtime.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41c6e86ff4eff6723f15faa7650734836876f67fd98e91d08908115271eac6e5
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"895415bbe1b8cf97aef258d17cb33187"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dc71ca6-AMS
access-control-allow-origin
*
server
cloudflare
twk-app.js
embed.tawk.to/_s/v4/app/67354992019/js/ 		151 B
406 B 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/js/twk-app.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://demo.webfant.io
Referer
https://demo.webfant.io/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"e736e189edb5d0d9d5b8e7f23dd9114a"
age
18162
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
HIT
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcc8dc81ca6-AMS
access-control-allow-origin
*
server
cloudflare
favicon.ico
demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/Magento_Theme/ 		34 KB
34 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/Magento_Theme/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
86.109.17.133 , Netherlands, ASN48635 (CLDIN-NL CLDIN B.V., NL),
Reverse DNS
staging.saas.webfant.io
Software
/
Resource Hash
d6b35085fda75d7999494a442d3b98d7b6e4596f35207e4ee2c1dea6d331731a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
etag
"572687e-86be-627bbd08fe4aa"
age
0
x-lb-backend
bk_http_cache
x-realserver
pea.magehost.pro
expires
Thu, 27 Nov 2025 23:43:59 GMT
x-varnish
458760
x-lb-server
pea.magehost.pro
date
Wed, 27 Nov 2024 23:43:59 GMT
last-modified
Mon, 25 Nov 2024 12:24:31 GMT
content-type
image/x-icon
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
34494
x-lb-frontend
fr_http_https
widget-settings
va.tawk.to/v1/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://va.tawk.to/v1/widget-settings?propertyId=6571dda4ff45ca7d4787eac3&widgetId=1hh2cjj86&sv=null
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4760ed9118fcedb6586b79a661fd809fcad441e237172dbb3cb6e7507e0ca577
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"2-21-0"
access-control-allow-methods
GET,OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/json
x-served-by
visitor-application-preemptive-5dzt
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
content-type,x-tawk-token
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=7200, s-maxage=1800
cf-ray
8e95fbcd5e541ca6-AMS
access-control-allow-origin
*
server
cloudflare
start
va.tawk.to/v1/session/ 		64 B
408 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://va.tawk.to/v1/session/start
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.15.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe384d6150fae0d1a52854c9a928969917ca8f715d6eb6045506292d0d017b39
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
https://demo.webfant.io/

Response headers

access-control-max-age
3600
cf-cache-status
DYNAMIC
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/json
x-served-by
visitor-application-preemptive-wn2d
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
content-type,x-tawk-token
strict-transport-security
max-age=0; includeSubDomains; preload
access-control-allow-credentials
true
cf-ray
8e95fbce584a0bd7-AMS
access-control-allow-origin
https://demo.webfant.io
content-length
64
server
cloudflare
start
va.tawk.to/v1/session/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://va.tawk.to/v1/session/start
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.45.142 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://demo.webfant.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-tawk-token
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://demo.webfant.io
access-control-max-age
3600
alt-svc
h3=":443"; ma=86400
cache-control
public, s-maxage=600, max-age=600
cf-cache-status
DYNAMIC
cf-ray
8e95fbcd7e691ca6-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 27 Nov 2024 23:43:59 GMT
priority
u=1,i
server
cloudflare
server-timing
cfExtPri
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-served-by
visitor-application-preemptive-wxz0
nl.js
embed.tawk.to/_s/v4/app/67354992019/languages/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://embed.tawk.to/_s/v4/app/67354992019/languages/nl.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.15.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae3283639fee44070359bad8f209421f7a3923f4bdab9a7e73f41a07ce392124
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://demo.webfant.io/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"f2869d9553937d45da27e98cef82bf44"
age
1186000
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 27 Nov 2024 23:43:59 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 00:52:21 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-cache-status
MISS
strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=2592000, immutable
cf-ray
8e95fbcf88f40bd7-AMS
access-control-allow-origin
*
server
cloudflare

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Tawk_API object| Tawk_LoadStart string| BASE_URL string| THEME_PATH object| COOKIE_CONFIG string| CURRENT_STORE_CODE string| CURRENT_WEBSITE_ID object| hyva object| cookie_consent_groups object| cookie_consent_config function| initHeader function| initCompareHeader function| initMiniSearch function| initHeaderNotification function| initCartDrawer function| initAuthentication function| initMessages function| amBrandsPopup function| dispatchMessages function| initConfigurableOptions function| initSwatchOptions object| Alpine object| mageMessages string| $_Tawk_AccountKey string| $_Tawk_WidgetId object| $_Tawk object| tawkJsonp function| $__TawkEngine function| EventEmitter function| $__TawkSocket object| Tawk_Window

6 Cookies

Domain/Path Name / Value
.demo.webfant.io/ Name: PHPSESSID
Value: d9dab488170e9ee78f3ad2263a7a4948
.demo.webfant.io/ Name: last_visited_store
Value: nl
demo.webfant.io/ Name: mage-cache-sessid
Value: true
.demo.webfant.io/ Name: form_key
Value: l5tmMJxwItp02WVn
demo.webfant.io/ Name: twk_idm_key
Value: e7cT8geXHIrRY2XZt-wek
demo.webfant.io/ Name: TawkConnectionTime
Value: 0

17 Console Messages

Source Level URL
Text
security error URL: https://demo.webfant.io/(Line 45)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-main.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-vendor.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-vendors.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-runtime.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/6571dda4ff45ca7d4787eac3/1hh2cjj86(Line 57)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/js/twk-app.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://va.tawk.to/v1/widget-settings?propertyId=6571dda4ff45ca7d4787eac3&widgetId=1hh2cjj86&sv=null' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline'".
security error URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://va.tawk.to/v1/widget-settings?propertyId=6571dda4ff45ca7d4787eac3&widgetId=1hh2cjj86&sv=null' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline'".
security error URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://va.tawk.to/v1/session/start' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline'".
security error URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://va.tawk.to/v1/session/start' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline'".
network error URL: https://va.tawk.to/v1/session/start
Message:
Failed to load resource: the server responded with a status of 400 ()
security error URL: https://embed.tawk.to/_s/v4/app/67354992019/js/twk-chunk-common.js(Line 1)
Message:
[Report Only] Refused to load the script 'https://embed.tawk.to/_s/v4/app/67354992019/languages/nl.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
javascript warning URL: https://demo.webfant.io/
Message:
The resource https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-LightItalic/Lato-LightItalic.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://demo.webfant.io/
Message:
The resource https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Thin/Lato-Thin.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://demo.webfant.io/
Message:
The resource https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-Italic/Lato-Italic.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://demo.webfant.io/
Message:
The resource https://demo.webfant.io/static/version1732732875/frontend/Essentials/default/nl_NL/fonts/lato/Lato-BoldItalic/Lato-BoldItalic.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

demo.webfant.io
embed.tawk.to
fonts.gstatic.com
va.tawk.to
104.22.45.142
142.250.184.195
172.67.15.14
86.109.17.133
0e5a5853f1970950cd9a715298ae7dbab847eeec1be3ec3fc5c548a4f3219bf4
13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd
194c4fa82fa9bf5897963b335fddcfdb462fe898cafbe8b2eb72a9803f2db05f
2b77bcd1b4117373d5eb9270517693dbbae13a8413895119a5d47fccabf06b58
41c6e86ff4eff6723f15faa7650734836876f67fd98e91d08908115271eac6e5
4760ed9118fcedb6586b79a661fd809fcad441e237172dbb3cb6e7507e0ca577
548669d6434f5204dca25b9a6f8a02f63301b8c1b58a717b91fec8b6c2918305
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
6bb54f65af17a5f07042ea512772ec498f9fa264f039c767724294a42566eca4
705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c
7345741478427c9e4e8d8d7602ec0c6276553836a126360d52c9863b838614b6
78f4007773caa52f8d9d9a997387c92f979ecef0484bf88a2d6fea889635cdcc
98623b029816352ad581331bd1164dff03166991eadbd8c48c13190199367b2f
ae3283639fee44070359bad8f209421f7a3923f4bdab9a7e73f41a07ce392124
b022b6b2e9d98e658c9af5a3c6b875f041c7b9d1e31921e7972cf36aa9ef1fd1
b17f212fc06e1cde0574bdd1ee89d507461f5777e3039c725dbb40b5ebb3f192
b98d4e5f6dfaa6acad377714cb8f766bb4b3fba57645ca81c725fe1fa541705e
c49880b3face9f2fda44c091322c4106e331fc78f39f74138afc2355db3b762d
c94a4c97de080beeeb20b737162270934abc14b394309041b8c6b2b494579126
cee11f066e712c8235c9f9f44977f60a5eb926af3c9ae269a22bc348e3284d93
cf18327c8145000edb04816441d02b3833f3c020de202316abea17185dd2c85b
d4f1e55a5d27beb98b401db33e64d29d0a91cd36dd3246b80771b5c31ceed2de
d6b35085fda75d7999494a442d3b98d7b6e4596f35207e4ee2c1dea6d331731a
d97c112fb788dbb7a78b9b252dd7a82bbb49987b3b32bfdb5e7892e11224e12b
f8e767c2e76c5570169d408b513f577c6f6aca4c9174d3f58072a7bf18942425
fe384d6150fae0d1a52854c9a928969917ca8f715d6eb6045506292d0d017b39