Submitted URL: https://accounts.dm.de/
Effective URL: https://signin.dm.de/dm-de/authentication/web-login
Submission: On December 03 via api from DE — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 4 domains to perform 84 HTTP transactions. The main IP is 35.201.94.164, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is signin.dm.de.
TLS certificate: Issued by R3 on November 26th 2021. Valid for: 3 months.
This is the only time signin.dm.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
23 assets.dm.de account.dm.de
assets.dm.de
signin.dm.de
17 account.dm.de account.dm.de
10 api.usercentrics.eu assets.dm.de
9 www.gstatic.com www.recaptcha.net
www.gstatic.com
8 signin.dm.de 4 redirects account.dm.de
signin.dm.de
6 www.recaptcha.net signin.dm.de
www.gstatic.com
www.recaptcha.net
5 fonts.gstatic.com www.recaptcha.net
3 app.usercentrics.eu assets.dm.de
app.usercentrics.eu
signin.dm.de
2 sandbox.om.dm.de assets.dm.de
sandbox.om.dm.de
2 graphql.usercentrics.eu assets.dm.de
2 aggregator.service.usercentrics.eu assets.dm.de
1 accounts.dm.de 1 redirects
0 uct.service.usercentrics.eu Failed signin.dm.de
84 13

This site contains links to these domains. Also see Links.

Domain
accounts.dm.de
policies.google.com
www.dm.de
Subject Issuer Validity Valid
*.apps.nonprod.gcp.dmtech.cloud
R3
2021-11-26 -
2022-02-24
3 months crt.sh
assets.dm.de
Sectigo RSA Domain Validation Secure Server CA
2021-07-20 -
2022-07-20
a year crt.sh
app.usercentrics.eu
GTS CA 1D4
2021-10-26 -
2022-01-24
3 months crt.sh
misc.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
api.usercentrics.eu
GTS CA 1D4
2021-10-26 -
2022-01-24
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
aggregator.service.usercentrics.eu
GTS CA 1D4
2021-10-16 -
2022-01-14
3 months crt.sh
graphql.usercentrics.eu
GTS CA 1D4
2021-10-23 -
2022-01-21
3 months crt.sh
sandbox.om.dm.de
Sectigo RSA Domain Validation Secure Server CA
2021-07-20 -
2022-07-20
a year crt.sh

This page contains 6 frames:

Primary Page: https://signin.dm.de/dm-de/authentication/web-login
Frame ID: 71243435BEB0A2E2934F6220D6D62C39
Requests: 47 HTTP requests in this frame

Frame: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Frame ID: 37DBB64EA147D6867DE2F19FA24ECEB7
Requests: 10 HTTP requests in this frame

Frame: https://app.usercentrics.eu/browser-sdk/2.12.8/cross-domain-bridge.html
Frame ID: 40ED1BE8C39E91ED488A367CC7D64C62
Requests: 1 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Frame ID: D50656F3F50BF8E46D21249C36E618A7
Requests: 7 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Frame ID: B4F43126B5154979DAFD151758E4AAF9
Requests: 11 HTTP requests in this frame

Frame: https://sandbox.om.dm.de/LATEST/index_de_storage.html?iframeId=OM_STORAGE_FRAME&p
Frame ID: 1D913A747456012D806D36F77D227E59
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

dm Logindm MarkenlogoAugen Symbol

Page URL History Show full URLs

  1. https://accounts.dm.de/ HTTP 302
    https://account.dm.de/ Page URL
  2. https://signin.dm.de/dm-de/oauth-authorize?scope=openid+email+roles+customerId&acr_values=web-log... HTTP 302
    https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id... HTTP 302
    https://signin.dm.de/dm-de/authentication/web-login Page URL

Page Statistics

84
Requests

99 %
HTTPS

78 %
IPv6

4
Domains

13
Subdomains

10
IPs

2
Countries

3118 kB
Transfer

9911 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://accounts.dm.de/ HTTP 302
    https://account.dm.de/ Page URL
  2. https://signin.dm.de/dm-de/oauth-authorize?scope=openid+email+roles+customerId&acr_values=web-login-page&prompt=login&state=piF7r89bNbZjA0xQuD22OFRrbEfUHeLUUM7D0gQfUYyzKY9RTBQndbP38jqkY80v&nonce=vN9ij0zL2iQM7fa5E9ZSXMWLJDm5mp1BRAE1mlPbTljjmMNhPj3QvQLbpCKg7srU&client_id=nextaccount&response_type=code&code_challenge=P-63NdXL32Axe9q-HU2bk91_aisknkZ5WYxb_-Q2G6M&code_challenge_method=S256&redirect_uri=https%3A%2F%2Faccount.dm.de%2Fcallback&for_origin= HTTP 302
    https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&acr=web-login-page&forceAuthN=true&resumePath=%2Fdm-de%2Foauth-authorize&state=R_J1LfAMHimss9l12EBHfZEjiW9ghvbTiL HTTP 302
    https://signin.dm.de/dm-de/authentication/web-login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://accounts.dm.de/ HTTP 302
  • https://account.dm.de/
Request Chain 12
  • https://signin.dm.de/dm-de/oauth-authorize?scope=openid+email+roles+customerId&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr&nonce=8v6cIqGkleHGClATlA4Dx25x6gvuWR5jKnjfb6OLl8qpdtXSfRNUZElVdCdy4EhY&client_id=nextaccount&response_type=code&code_challenge=zpWg66pYD_ocI0HOAG8i3qEONCRbj2sBquzpWkB8Ji4&code_challenge_method=S256&redirect_uri=https%3A%2F%2Faccount.dm.de%2Fcallback&for_origin=&prompt=none HTTP 302
  • https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&sso=force&resumePath=%2Fdm-de%2Foauth-authorize&state=R_tIcsqXL07iUKZbvPUbsXacqkccPA8uAW
Request Chain 13
  • https://signin.dm.de/dm-de/oauth-authorize?client_id=nextaccount&sso=force HTTP 303
  • https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr

84 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
account.dm.de/
Redirect Chain
  • https://accounts.dm.de/
  • https://account.dm.de/
2 KB
3 KB
Document
General
Full URL
https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
c6a6224a39f0f79e5fc6f63724160d67e203535eda6a8422f074359ea422694c
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-type
text/html; charset=utf-8
date
Fri, 03 Dec 2021 11:11:39 GMT
etag
"907-M3ofBHr1RSVaWS5HXlNtQMMo8vo"
expect-ct
max-age=0
referrer-policy
strict-origin
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-datadog-parent-id
7286958708767001589
x-datadog-sampled
1
x-datadog-sampling-priority
1
x-datadog-trace-id
7286958708767001589
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-vcap-request-id
c4f93f34-04e3-4f92-5a38-24eebfe1aeb3
x-xss-protection
0
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Redirect headers

content-length
86
content-type
text/html; charset=utf-8
date
Fri, 03 Dec 2021 11:11:39 GMT
location
https://account.dm.de
vary
Accept
x-datadog-parent-id
2010325581271489477
x-datadog-sampled
1
x-datadog-sampling-priority
1
x-datadog-trace-id
2010325581271489477
x-powered-by
Express
x-vcap-request-id
9c819ac0-fa5e-46ed-5f5e-091c92788e63
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dm-base.min.css
assets.dm.de/js-libraries/prod/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9ffade704941227cf24ae72984b790b5d5a814ba1321e21db137fcb2d82b2f80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:24 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
15
x-guploader-uploadid
ADPycdt14T417Wzhv9wWXsaYn1T-9CIYDtlL3CGyGxxrflx54UybgfrVEYBsMXezWDGxNyyWEryURDqAnmDXFRlVx4w
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
580
last-modified
Fri, 19 Nov 2021 10:41:58 GMT
server
UploadServer
etag
"c218192835234224f7812b8d72a648ce"
vary
Accept-Encoding
x-goog-hash
crc32c=S2+XRg==, md5=whgZKDUjQiT3gSuNcqZIzg==
x-goog-generation
1637318518718121
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=60
x-goog-stored-content-length
580
accept-ranges
bytes
content-type
text/css
expires
Fri, 03 Dec 2021 11:12:24 GMT
webpack-1ad8a2eca3222dad2066.js
account.dm.de/_next/static/chunks/
2 KB
1 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/webpack-1ad8a2eca3222dad2066.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
2b48cddeae893a736f1506be74baf28feab21148d2ddabe477b6a7703b699b4a
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"7d1-17ce11d95e8"
x-vcap-request-id
f7a64001-c58b-42b6-7533-e3bbeb47db9e
x-permitted-cross-domain-policies
none
age
2138761
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
7361569584772388499
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
993
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Tue, 02 Nov 2021 14:46:25 GMT
x-frame-options
SAMEORIGIN
date
Mon, 08 Nov 2021 17:05:38 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
7361569584772388499
accept-ranges
bytes
x-content-type-options
nosniff
framework-b3065dc44a57924b4ba2.js
account.dm.de/_next/static/chunks/
138 KB
43 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/framework-b3065dc44a57924b4ba2.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0be7ed9cb33547f0867a320aa398abb7c8f5851e605625ea823b0b4b6d9d9d
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"228b0-17d230d1e10"
x-vcap-request-id
e6cb6556-8dad-4be0-61b0-84ee7d7a06b1
x-permitted-cross-domain-policies
none
age
1377552
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
6936208746621305757
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43810
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Mon, 15 Nov 2021 10:03:22 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:32:27 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
6936208746621305757
accept-ranges
bytes
x-content-type-options
nosniff
main-38f9f9970e4fcf935f83.js
account.dm.de/_next/static/chunks/
76 KB
23 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/main-38f9f9970e4fcf935f83.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
807c6adc39c41a50b61d39a5e81bf900451e504de7fdb720104b0a87e2e0fb17
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"12ef6-17d2ddd2f10"
x-vcap-request-id
56763a10-4c5f-41d8-4536-28c50f932bae
x-permitted-cross-domain-policies
none
age
1377519
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
1602258207420938898
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23701
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Wed, 17 Nov 2021 12:26:50 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:33:00 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
1602258207420938898
accept-ranges
bytes
x-content-type-options
nosniff
_app-34ed83b54387633129ed.js
account.dm.de/_next/static/chunks/pages/
3 MB
754 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/pages/_app-34ed83b54387633129ed.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
a76022344510c87c57781b6f43dffc4be265d2dc5dea3aa74450eea8895a611b
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"2b4c1f-17d7b8bb830"
x-vcap-request-id
790f35ae-1ae3-4728-4ff9-f55f37f67fb6
x-permitted-cross-domain-policies
none
age
72497
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
1095274900901116992
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
1095274900901116992
accept-ranges
bytes
x-content-type-options
nosniff
503-845f0d609d0b16980209.js
account.dm.de/_next/static/chunks/
17 KB
5 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/503-845f0d609d0b16980209.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
1d681d1296b0d17c6e9cff5cd29255b304c4d27833c4acd7004d4c04776e57c3
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"44d5-17d230d1e10"
x-vcap-request-id
25a34b38-401e-45ff-69c9-3812f9a46c1a
x-permitted-cross-domain-policies
none
age
1377414
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
1359619277617363822
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5074
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Mon, 15 Nov 2021 10:03:22 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:34:45 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
1359619277617363822
accept-ranges
bytes
x-content-type-options
nosniff
index-285bb4f4ee898d18b8fb.js
account.dm.de/_next/static/chunks/pages/
9 KB
4 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/pages/index-285bb4f4ee898d18b8fb.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
8011ef0e300cb037130310c4b6d202b0b3ec7fc6991b661ab2849f656e7adb99
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"2525-17d230d1e10"
x-vcap-request-id
23db43eb-b85b-4168-718c-342837238524
x-permitted-cross-domain-policies
none
age
1377509
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
4461827073395003317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3953
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Mon, 15 Nov 2021 10:03:22 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:33:10 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
4461827073395003317
accept-ranges
bytes
x-content-type-options
nosniff
_buildManifest.js
account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/
1 KB
828 B
Script
General
Full URL
https://account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/_buildManifest.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
8456324d4fc6dec5cce5a1fe3f11da03d2b7de063f8dd3fe8132f2dc5696b257
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"5fa-17d7b8bb830"
x-vcap-request-id
f2ce0c16-00a5-4544-605a-748b0f6808af
x-permitted-cross-domain-policies
none
age
72497
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
9212286661770930953
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
678
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
9212286661770930953
accept-ranges
bytes
x-content-type-options
nosniff
_ssgManifest.js
account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/
77 B
225 B
Script
General
Full URL
https://account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/_ssgManifest.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
via
1.1 google
etag
W/"4d-17d7b8bb830"
x-permitted-cross-domain-policies
none
age
72497
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
2115422214828546106
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
x-download-options
noopen
x-vcap-request-id
5e6a6153-d803-4d31-599d-75b9596098f8
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
2115422214828546106
accept-ranges
bytes
x-content-type-options
nosniff
DMBrand-Regular.woff2
assets.dm.de/js-libraries/2021.1118.1057/fonts/
59 KB
60 KB
Font
General
Full URL
https://assets.dm.de/js-libraries/2021.1118.1057/fonts/DMBrand-Regular.woff2
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
452f0ccba0a751a2b13eaed16d5f2de38817429231f90f1435087615bea20f65

Request headers

Referer
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Origin
https://account.dm.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 10:42:32 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
1211347
x-guploader-uploadid
ADPycdvx51eKVaAY2AzvRmlI2chqKeDeSpFpIKfKNBQXAmTpOMIHiI7PP4dybOSo8GmZMXGpHJw4cDkeJYtWlZ5jRe-ND2nmQQ
x-goog-storage-class
REGIONAL
x-goog-metageneration
6
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
60538
last-modified
Thu, 18 Nov 2021 16:19:19 GMT
server
UploadServer
etag
"278969f0142a8fe26ebafb2f7e3b38c5"
vary
Accept-Encoding
x-goog-hash
crc32c=lXwdpQ==, md5=J4lp8BQqj+Juuvsvfjs4xQ==
x-goog-generation
1637252359300502
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=31556952
x-goog-stored-content-length
60538
accept-ranges
bytes
content-type
font/woff2
expires
Sat, 19 Nov 2022 10:42:32 GMT
openid-configuration
signin.dm.de/dm-de/oauth-anonymous/.well-known/
2 KB
3 KB
Fetch
General
Full URL
https://signin.dm.de/dm-de/oauth-anonymous/.well-known/openid-configuration
Requested by
Host: account.dm.de
URL: https://account.dm.de/_next/static/chunks/pages/_app-34ed83b54387633129ed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
3103bbadcd955d27092b13e344ad188c754807a4c0150ee685c716b2691e93a1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
via
1.1 google
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
server
nginx
date
Fri, 03 Dec 2021 11:11:39 GMT
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://account.dm.de
x-vcap-request-id
bf132a8f-a477-48d7-62d3-bb5ac5b5e167
strict-transport-security
max-age=31536000
vary
Origin
content-length
2298
x-xss-protection
1; mode=block
authentication
signin.dm.de/dm-de/ Frame 37DB
Redirect Chain
  • https://signin.dm.de/dm-de/oauth-authorize?scope=openid+email+roles+customerId&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr&nonce=8v6cIqGkleHGClATlA4Dx25x6gvuWR5jKnjfb6OLl...
  • https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&sso=force&resumePath=%2Fdm-de%2Foauth-authorize&state=R_tIcsqXL07iUKZbvPUbsXacqkccPA8uAW
3 KB
3 KB
Document
General
Full URL
https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&sso=force&resumePath=%2Fdm-de%2Foauth-authorize&state=R_tIcsqXL07iUKZbvPUbsXacqkccPA8uAW
Requested by
Host: account.dm.de
URL: https://account.dm.de/_next/static/chunks/pages/_app-34ed83b54387633129ed.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
8bec545689028c2c3dcc1cc4c32626d1c941403db3c9bae600c5cc80b501911c
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://account.dm.de
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://account.dm.de
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/

Response headers

content-language
en
content-length
3057
content-security-policy
frame-ancestors https://account.dm.de
content-type
text/html;charset=utf-8
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Language
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://account.dm.de
x-vcap-request-id
e0f7beea-5fcb-4cf3-5daf-a9d6171fe281
x-xss-protection
1; mode=block
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Redirect headers

content-length
0
content-security-policy
frame-ancestors https://account.dm.de
date
Fri, 03 Dec 2021 11:11:39 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&sso=force&resumePath=%2Fdm-de%2Foauth-authorize&state=R_tIcsqXL07iUKZbvPUbsXacqkccPA8uAW
server
nginx
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://account.dm.de
x-vcap-request-id
89ad1491-fc4b-420e-442f-ffaa77bb98fe
x-xss-protection
1; mode=block
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
callback
account.dm.de/ Frame 37DB
Redirect Chain
  • https://signin.dm.de/dm-de/oauth-authorize?client_id=nextaccount&sso=force
  • https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
2 KB
1013 B
Document
General
Full URL
https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
b92c8e19dbeb9c84f7e4ea094be60500424fb43879afa5cdd617f8de8d3fc5a3
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
Origin
https://signin.dm.de
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/

Response headers

content-encoding
gzip
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-type
text/html; charset=utf-8
date
Fri, 03 Dec 2021 11:11:40 GMT
etag
"8c1-GwRfIeO1tuE5ZJtM9sXAUpycP7I"
expect-ct
max-age=0
referrer-policy
strict-origin
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-datadog-parent-id
3954467068450188974
x-datadog-sampled
1
x-datadog-sampling-priority
1
x-datadog-trace-id
3954467068450188974
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-vcap-request-id
a4ea26db-cc43-40e4-5867-f6dd2b175f73
x-xss-protection
0
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Redirect headers

content-length
0
content-security-policy
frame-ancestors https://account.dm.de
date
Fri, 03 Dec 2021 11:11:40 GMT
location
https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
server
nginx
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://account.dm.de
x-vcap-request-id
dc6f0da7-37fc-43d0-672b-1d088170f2a1
x-xss-protection
1; mode=block
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dm-base.min.css
assets.dm.de/js-libraries/prod/css/ Frame 37DB
6 KB
650 B
Stylesheet
General
Full URL
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9ffade704941227cf24ae72984b790b5d5a814ba1321e21db137fcb2d82b2f80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:24 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
16
x-guploader-uploadid
ADPycdt14T417Wzhv9wWXsaYn1T-9CIYDtlL3CGyGxxrflx54UybgfrVEYBsMXezWDGxNyyWEryURDqAnmDXFRlVx4w
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
580
last-modified
Fri, 19 Nov 2021 10:41:58 GMT
server
UploadServer
etag
"c218192835234224f7812b8d72a648ce"
vary
Accept-Encoding
x-goog-hash
crc32c=S2+XRg==, md5=whgZKDUjQiT3gSuNcqZIzg==
x-goog-generation
1637318518718121
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=60
x-goog-stored-content-length
580
accept-ranges
bytes
content-type
text/css
expires
Fri, 03 Dec 2021 11:12:24 GMT
webpack-1ad8a2eca3222dad2066.js
account.dm.de/_next/static/chunks/ Frame 37DB
2 KB
1 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/webpack-1ad8a2eca3222dad2066.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
2b48cddeae893a736f1506be74baf28feab21148d2ddabe477b6a7703b699b4a
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"7d1-17ce11d95e8"
x-vcap-request-id
f7a64001-c58b-42b6-7533-e3bbeb47db9e
x-permitted-cross-domain-policies
none
age
2138762
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
7361569584772388499
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
993
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Tue, 02 Nov 2021 14:46:25 GMT
x-frame-options
SAMEORIGIN
date
Mon, 08 Nov 2021 17:05:38 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
7361569584772388499
accept-ranges
bytes
x-content-type-options
nosniff
framework-b3065dc44a57924b4ba2.js
account.dm.de/_next/static/chunks/ Frame 37DB
138 KB
43 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/framework-b3065dc44a57924b4ba2.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0be7ed9cb33547f0867a320aa398abb7c8f5851e605625ea823b0b4b6d9d9d
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"228b0-17d230d1e10"
x-vcap-request-id
e6cb6556-8dad-4be0-61b0-84ee7d7a06b1
x-permitted-cross-domain-policies
none
age
1377553
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
6936208746621305757
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43810
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Mon, 15 Nov 2021 10:03:22 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:32:27 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
6936208746621305757
accept-ranges
bytes
x-content-type-options
nosniff
main-38f9f9970e4fcf935f83.js
account.dm.de/_next/static/chunks/ Frame 37DB
76 KB
23 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/main-38f9f9970e4fcf935f83.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
807c6adc39c41a50b61d39a5e81bf900451e504de7fdb720104b0a87e2e0fb17
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"12ef6-17d2ddd2f10"
x-vcap-request-id
56763a10-4c5f-41d8-4536-28c50f932bae
x-permitted-cross-domain-policies
none
age
1377520
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
1602258207420938898
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23701
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Wed, 17 Nov 2021 12:26:50 GMT
x-frame-options
SAMEORIGIN
date
Wed, 17 Nov 2021 12:33:00 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
1602258207420938898
accept-ranges
bytes
x-content-type-options
nosniff
_app-34ed83b54387633129ed.js
account.dm.de/_next/static/chunks/pages/ Frame 37DB
3 MB
754 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/pages/_app-34ed83b54387633129ed.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
a76022344510c87c57781b6f43dffc4be265d2dc5dea3aa74450eea8895a611b
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"2b4c1f-17d7b8bb830"
x-vcap-request-id
790f35ae-1ae3-4728-4ff9-f55f37f67fb6
x-permitted-cross-domain-policies
none
age
72498
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
1095274900901116992
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
1095274900901116992
accept-ranges
bytes
x-content-type-options
nosniff
callback-e080e1f414ec7f929fab.js
account.dm.de/_next/static/chunks/pages/ Frame 37DB
3 KB
1 KB
Script
General
Full URL
https://account.dm.de/_next/static/chunks/pages/callback-e080e1f414ec7f929fab.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
72fd6a9a969e08d0892cce9a8164616fc4a6f07be8aaa65201cf6e7755640952
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"b51-17ce11d95e8"
x-vcap-request-id
43899fd6-7760-4467-628f-c2a8f5482e7d
x-permitted-cross-domain-policies
none
age
1507810
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
5960313270904379959
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1363
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Tue, 02 Nov 2021 14:46:25 GMT
x-frame-options
SAMEORIGIN
date
Tue, 16 Nov 2021 00:21:30 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
5960313270904379959
accept-ranges
bytes
x-content-type-options
nosniff
_buildManifest.js
account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/ Frame 37DB
1 KB
715 B
Script
General
Full URL
https://account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/_buildManifest.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
8456324d4fc6dec5cce5a1fe3f11da03d2b7de063f8dd3fe8132f2dc5696b257
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
content-encoding
gzip
etag
W/"5fa-17d7b8bb830"
x-vcap-request-id
f2ce0c16-00a5-4544-605a-748b0f6808af
x-permitted-cross-domain-policies
none
age
72498
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
9212286661770930953
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
678
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
via
1.1 google
x-download-options
noopen
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
9212286661770930953
accept-ranges
bytes
x-content-type-options
nosniff
_ssgManifest.js
account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/ Frame 37DB
77 B
111 B
Script
General
Full URL
https://account.dm.de/_next/static/Hz6tloio7T5D9Intn5a-R/_ssgManifest.js
Requested by
Host: account.dm.de
URL: https://account.dm.de/callback?error=login_required&error_description=Could+not+login+with+SSO&state=7ekuD5pp04LXWfWBl3y3lCW1mw9jyX5TMQr7W1XLRgXbEYDbIPMGw69x7SzhLDjr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
/
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
via
1.1 google
etag
W/"4d-17d7b8bb830"
x-permitted-cross-domain-policies
none
age
72498
x-dns-prefetch-control
off
x-datadog-sampling-priority
1
x-datadog-parent-id
2115422214828546106
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
x-datadog-sampled
1
referrer-policy
strict-origin
last-modified
Thu, 02 Dec 2021 14:28:14 GMT
x-frame-options
SAMEORIGIN
date
Thu, 02 Dec 2021 15:03:22 GMT
expect-ct
max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/javascript; charset=UTF-8
x-download-options
noopen
x-vcap-request-id
5e6a6153-d803-4d31-599d-75b9596098f8
x-xss-protection
0
cache-control
public, max-age=31536000, immutable
x-datadog-trace-id
2115422214828546106
accept-ranges
bytes
x-content-type-options
nosniff
Primary Request web-login
signin.dm.de/dm-de/authentication/
Redirect Chain
  • https://signin.dm.de/dm-de/oauth-authorize?scope=openid+email+roles+customerId&acr_values=web-login-page&prompt=login&state=piF7r89bNbZjA0xQuD22OFRrbEfUHeLUUM7D0gQfUYyzKY9RTBQndbP38jqkY80v&nonce=vN...
  • https://signin.dm.de/dm-de/authentication?serviceProviderId=dm-de-token-service-profile&client_id=nextaccount&acr=web-login-page&forceAuthN=true&resumePath=%2Fdm-de%2Foauth-authorize&state=R_J1LfAM...
  • https://signin.dm.de/dm-de/authentication/web-login
5 KB
5 KB
Document
General
Full URL
https://signin.dm.de/dm-de/authentication/web-login
Requested by
Host: account.dm.de
URL: https://account.dm.de/_next/static/chunks/pages/_app-34ed83b54387633129ed.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
0e0e69340e5b4ffdd8dd91cee9ada3077916687aca9092491cc8e7f457cc3112
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://account.dm.de
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://account.dm.de
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://account.dm.de/

Response headers

content-language
en
content-length
4631
content-security-policy
frame-ancestors https://account.dm.de
content-type
text/html;charset=utf-8
date
Fri, 03 Dec 2021 11:11:40 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Language
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://account.dm.de
x-vcap-request-id
9ab6399f-94da-4c44-60ba-09fa7460162e
x-xss-protection
1; mode=block
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Redirect headers

content-length
0
content-security-policy
frame-ancestors https://account.dm.de
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://signin.dm.de/dm-de/authentication/web-login
server
nginx
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://account.dm.de
x-vcap-request-id
e74fadbc-74a9-4529-5794-303706b0cca8
x-xss-protection
1; mode=block
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dm-base.min.css
assets.dm.de/js-libraries/prod/css/
6 KB
647 B
Stylesheet
General
Full URL
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9ffade704941227cf24ae72984b790b5d5a814ba1321e21db137fcb2d82b2f80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:24 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
16
x-guploader-uploadid
ADPycdt14T417Wzhv9wWXsaYn1T-9CIYDtlL3CGyGxxrflx54UybgfrVEYBsMXezWDGxNyyWEryURDqAnmDXFRlVx4w
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
580
last-modified
Fri, 19 Nov 2021 10:41:58 GMT
server
UploadServer
etag
"c218192835234224f7812b8d72a648ce"
vary
Accept-Encoding
x-goog-hash
crc32c=S2+XRg==, md5=whgZKDUjQiT3gSuNcqZIzg==
x-goog-generation
1637318518718121
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=60
x-goog-stored-content-length
580
accept-ranges
bytes
content-type
text/css
expires
Fri, 03 Dec 2021 11:12:24 GMT
libraries-dm.min.js
assets.dm.de/js-libraries/2021.1118.1057/js/
634 KB
182 KB
Script
General
Full URL
https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
daf369f225f35c5a01f0b51c02ce56df61b27cbc872cd3e929fc67e42aea81ff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 08:00:27 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
270673
x-guploader-uploadid
ADPycdv-cUS94q6TdvUi-BCGJg4IOtlcWlXRTG9MylqfULT_CH7dZ0bEpjAMj-zuQOBdGw3c0X7ZKnTveX01Xz8cd2-4A2u8nQ
x-goog-storage-class
REGIONAL
x-goog-metageneration
6
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
185935
last-modified
Thu, 18 Nov 2021 16:19:19 GMT
server
UploadServer
etag
"cd57d151380a823e64d490fda961534e"
vary
Accept-Encoding
x-goog-hash
crc32c=jiMnhQ==, md5=zVfRUTgKgj5k1JD9qWFTTg==
x-goog-generation
1637252359496471
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31556952
x-goog-stored-content-length
185935
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 30 Nov 2022 08:00:27 GMT
design-system_globals.min.js
assets.dm.de/design-system/6.8.11/
93 KB
27 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_globals.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
12c36848f35565f6b17bd5928b3338e58bba76c68c0107ed31da8ab2df72c1df

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:42:48 GMT
content-encoding
gzip
age
1732
x-guploader-uploadid
ADPycduFsIcR_Qo05ia3QEHEsEltRdxeM8-HvaFW0gpNBrcTx-Fw1Nj59l5mfPBIj5HixjCqBLc9SDGxCfnYstfLdrE
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
27192
last-modified
Thu, 25 Nov 2021 09:04:12 GMT
server
UploadServer
etag
"865742dd7eeddcb1ea2e996904b9dbd3"
vary
Accept-Encoding
x-goog-hash
crc32c=A+FISA==, md5=hldC3X7t3LHqLplpBLnb0w==
x-goog-generation
1637831052276229
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=1800
x-goog-stored-content-length
27192
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 11:12:48 GMT
design-system_dm.min.js
assets.dm.de/design-system/6.8.11/
274 KB
66 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2769f52082319160fae846f1e9c28d7d9c60e6fb4fb20c15c668db7f9bbfc5ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:42:48 GMT
content-encoding
gzip
age
1732
x-guploader-uploadid
ADPycdtjvj9QRZ3ziu3wG0mPXQ85baX19u7hVXOpzMAcwuBSMLOaepoq8_Dok0z2Oqy2mp352EuY-qLHW5MKO8aPh9EoTguJxw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
67620
last-modified
Thu, 25 Nov 2021 09:04:10 GMT
server
UploadServer
etag
"28e9798bd3663c2d1e37d7f61b81e8a7"
vary
Accept-Encoding
x-goog-hash
crc32c=lnCm4g==, md5=KOl5i9NmPC0eN9f2G4Hopw==
x-goog-generation
1637831050119929
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=1800
x-goog-stored-content-length
67620
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 11:12:48 GMT
auth-0.147.0.min.js
signin.dm.de/assets/js/
354 KB
79 KB
Script
General
Full URL
https://signin.dm.de/assets/js/auth-0.147.0.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.94.164 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
164.94.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e50cb0108ac6dc7c70a48886e3262442fba8ec289a46f330d44945bb81e0458b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/dm-de/authentication/web-login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:32 GMT
via
1.1 google
x-content-type-options
nosniff
server
nginx
age
8
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-vcap-request-id
e17f6410-9b36-42ee-6994-0089df317eae
cache-control
public, max-age=300
content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81223
magicDmSettings.min.js
assets.dm.de/om/api/prod/
772 B
649 B
Script
General
Full URL
https://assets.dm.de/om/api/prod/magicDmSettings.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
737f77a7a1a4d0d0bdf35afa559dcf317b3e4f63c72e54dbc5d98255ee4030e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:27 GMT
content-encoding
gzip
age
13
x-guploader-uploadid
ADPycds-edRU8ph2KYOEQixxNKASk9m8E24yba4iqm0AIZ0bdo1l07ALmsvhQc1_OMQZAen7kox_kuC8GuazMObRa83UGpbv5w
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
390
last-modified
Thu, 02 Dec 2021 13:23:31 GMT
server
UploadServer
etag
"f81e8edf751d019eaf979eb57789d4cc"
vary
Accept-Encoding
x-goog-hash
crc32c=3wvrbw==, md5=+B6O33UdAZ6vl561d4nUzA==
x-goog-generation
1638367965245613
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=60
x-goog-stored-content-length
390
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 11:12:27 GMT
om-api.min.js
assets.dm.de/om/api/prod/
189 KB
40 KB
Script
General
Full URL
https://assets.dm.de/om/api/prod/om-api.min.js
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3654ff6602d11d5378bc694205dc207eaebd360fb240602b8adbc7ae2f310391

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:21 GMT
content-encoding
gzip
age
19
x-guploader-uploadid
ADPycdskGqhfh7GRgyOtqIhTb5MToUIJH1xEPj0G8myL2g5yZuJZGgXJLqmORGMjtha69pnU2L-gX1o6pOptEWckLpW-Zs1grw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
40202
last-modified
Thu, 02 Dec 2021 13:23:31 GMT
server
UploadServer
etag
"708142025cb2a1c5c0c8c8b7c5fe35f0"
vary
Accept-Encoding
x-goog-hash
crc32c=Mzvifg==, md5=cIFCAlyyocXAyMi3xf418A==
x-goog-generation
1638451411530224
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=60
x-goog-stored-content-length
40202
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 11:12:21 GMT
bundle.js
app.usercentrics.eu/browser-ui/latest/
548 KB
154 KB
Script
General
Full URL
https://app.usercentrics.eu/browser-ui/latest/bundle.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/om/api/prod/om-api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
440d943f370eb7a31e6e981e305841adb312f561e4dc8f9d5f78d66359fce768
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:09:23 GMT
content-encoding
gzip
age
137
x-guploader-uploadid
ADPycduYZJjloGHWDuO33sjnspLfOd58DGzel-laUcH-4xomVqIGUyR-6UHGydJ7P7eaS9PugL1DBDk0FKkivOb8hOE
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
156745
last-modified
Wed, 01 Dec 2021 08:36:01 GMT
server
UploadServer
etag
"4d34425d488c8c99d107c66f5bbb7c10"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=VuKSXA==, md5=TTRCXUiMjJnRB8ZvW7t8EA==
x-goog-generation
1638347760980086
access-control-allow-origin
*
access-control-expose-headers
Content-Type, Content-Length, Transfer-Encoding
cache-control
public, max-age=3600, no-transform
x-goog-stored-content-length
156745
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 12:09:23 GMT
design-system_IconSprite_190499d6b11b2ba122cd.min.js
assets.dm.de/design-system/6.8.11/
44 KB
11 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_IconSprite_190499d6b11b2ba122cd.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ff4d295bc113a05783323b28da491a0f78272e814de418b6026954f4c38b1a1e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:08:43 GMT
content-encoding
gzip
age
698577
x-guploader-uploadid
ADPycdvraqMN981d9VJyA94XISwGWWV8N49s7Tm1ii3tPln2ZYwqUX56SXqxYXDpLVBOTSnsjruTTVdsQKe4x_i9M0w
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
10696
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"ba5bc3af330a7b0e431a76312e479e89"
vary
Accept-Encoding
x-goog-hash
crc32c=/1877w==, md5=ulvDrzMKew5DGnYxLkeeiQ==
x-goog-generation
1637831055507691
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
10696
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:08:43 GMT
design-system_Form_afe81fe730680cb2e441.min.js
assets.dm.de/design-system/6.8.11/
705 B
780 B
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_Form_afe81fe730680cb2e441.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5324c7fb79c1930a503894dadba9a9c480c7f65929f859b2d39d9db8938b707d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:18:57 GMT
content-encoding
gzip
age
697963
x-guploader-uploadid
ADPycdu5U7kaYPgFCmI5uNlhcP8yL5EXJouux1GPZG-DvOBmFYXpjDEgsz8t8nAow0aQUWW0dKPSeede7iUTGRPYoiOCOsWTXg
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
507
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"66df5663c3e5dadcf2e9f5eff7e22541"
vary
Accept-Encoding
x-goog-hash
crc32c=j6f/Jw==, md5=Zt9WY8Pl2tzy6fXv9+IlQQ==
x-goog-generation
1637831055360808
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
507
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:18:57 GMT
DMBrand-Regular.woff2
assets.dm.de/js-libraries/2021.1118.1057/fonts/
59 KB
59 KB
Font
General
Full URL
https://assets.dm.de/js-libraries/2021.1118.1057/fonts/DMBrand-Regular.woff2
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
452f0ccba0a751a2b13eaed16d5f2de38817429231f90f1435087615bea20f65

Request headers

Referer
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Origin
https://signin.dm.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 10:42:32 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
1211348
x-guploader-uploadid
ADPycdvx51eKVaAY2AzvRmlI2chqKeDeSpFpIKfKNBQXAmTpOMIHiI7PP4dybOSo8GmZMXGpHJw4cDkeJYtWlZ5jRe-ND2nmQQ
x-goog-storage-class
REGIONAL
x-goog-metageneration
6
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
60538
last-modified
Thu, 18 Nov 2021 16:19:19 GMT
server
UploadServer
etag
"278969f0142a8fe26ebafb2f7e3b38c5"
vary
Accept-Encoding
x-goog-hash
crc32c=lXwdpQ==, md5=J4lp8BQqj+Juuvsvfjs4xQ==
x-goog-generation
1637252359300502
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=31556952
x-goog-stored-content-length
60538
accept-ranges
bytes
content-type
font/woff2
expires
Sat, 19 Nov 2022 10:42:32 GMT
enterprise.js
www.recaptcha.net/recaptcha/
943 B
1002 B
Script
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?hl=de
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/assets/js/auth-0.147.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
bfa7061d345823fcecc5a876900538a5563907dbccbda00a3b073b0abbc49fe0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
589
x-xss-protection
1; mode=block
expires
Fri, 03 Dec 2021 11:11:40 GMT
design-system_InputField_ca24a94a3a099faaefde.min.js
assets.dm.de/design-system/6.8.11/
4 KB
2 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_InputField_ca24a94a3a099faaefde.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5b84a9f551f667b94c3d2baa0ad2de46dee7ce87720d7bf5dcf7a0011ff84a53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:24:54 GMT
content-encoding
gzip
age
697606
x-guploader-uploadid
ADPycduOs72wuLlNU3N8frENJ0QYycyz4puObrVmvBVrZ1tfkjeYSG1EKR8yIpLUHEWyfz1d09t2pbKGPiXevEvNkCuCY-hFRw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
1616
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"8765052ec07ee162562d00a47962d3c5"
vary
Accept-Encoding
x-goog-hash
crc32c=6IjDfQ==, md5=h2UFLsB+4WJWLQCkeWLTxQ==
x-goog-generation
1637831055487373
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1616
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:24:54 GMT
design-system_InputLabel_a037336d5b150aa8ddb5.min.js
assets.dm.de/design-system/6.8.11/
1 KB
982 B
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_InputLabel_a037336d5b150aa8ddb5.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
72f2433e4821fea84a1fafee7ea4a87c0c88e4c1bd85964537ba0d45a166b53f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:18:58 GMT
content-encoding
gzip
age
697962
x-guploader-uploadid
ADPycdtyKtLFUcd36oa-UFsHEqxfV6EDQzQ_bgClnSVOdGlK8bvvwXBpPZqd-QYtUQEbDcZv1gP2u7FrXWDEDXiG0wZtfZVI3A
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
708
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"14e193816189965c09becf031f5c1d03"
vary
Accept-Encoding
x-goog-hash
crc32c=izF6Lg==, md5=FOGTgWGJllwJvs8DH1wdAw==
x-goog-generation
1637831055486451
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
708
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:18:58 GMT
design-system_InputWithIcon_dc56a4164418180833ac.min.js
assets.dm.de/design-system/6.8.11/
3 KB
2 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_InputWithIcon_dc56a4164418180833ac.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4d1f196e7542e0f314a7a0ddaf20b67435fca529aef0e2131f9aad99f8f85c43

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 08:00:27 GMT
content-encoding
gzip
age
270673
x-guploader-uploadid
ADPycdsdnm-97gTSQaV7J1KrqsDyslX2PNKx4-P5V0cj-8tZYL6R8QzAPvYP7p4Gq03r1DTP8QEp-Hu8RvUL4e35ObQ
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
1346
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"8d4e54191a6598802bdb7c68dbe625e5"
vary
Accept-Encoding
x-goog-hash
crc32c=pybt+A==, md5=jU5UGRplmIAr23xo2+Yl5Q==
x-goog-generation
1637831055516895
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1346
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 30 Nov 2022 08:00:27 GMT
design-system_CheckboxField_f1892699f1486553ecc3.min.js
assets.dm.de/design-system/6.8.11/
5 KB
2 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_CheckboxField_f1892699f1486553ecc3.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1c925462a7954bc34df807f354fbb27410954acea7d56839dd5ded7655fe45d8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:24:54 GMT
content-encoding
gzip
age
697606
x-guploader-uploadid
ADPycdsB6kx1DWsq_34bdpMPiMEvRp6poeD3UGvA3HuggpwQ-GmhqvxI0UOkObSezkkHs6qPOywjLUwPQQjbjmjiBcCPnaMQAA
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
1998
last-modified
Thu, 25 Nov 2021 09:04:14 GMT
server
UploadServer
etag
"c373c3245cc6fa361957db1f8b9a6656"
vary
Accept-Encoding
x-goog-hash
crc32c=4CAE4g==, md5=w3PDJFzG+jYZV9sfi5pmVg==
x-goog-generation
1637831054753802
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1998
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:24:54 GMT
design-system_vendors~LayerNew~SearchFormWithSuggestions_51290fe7acfc74660594.min.js
assets.dm.de/design-system/6.8.11/
18 KB
7 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_vendors~LayerNew~SearchFormWithSuggestions_51290fe7acfc74660594.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7acc9628d851907184b2b12912f5b373cb6c982eef9f2e38ddd90745888a6c76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:08:43 GMT
content-encoding
gzip
age
698577
x-guploader-uploadid
ADPycduOGiY3uG_759t7FtzHEGWi19X79qjee6-CR-oAZvJsFZZ7cNc0wXS5YW4X576QDvnstqMdEGxnH1ilwdrUXCU
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
6721
last-modified
Thu, 25 Nov 2021 09:04:16 GMT
server
UploadServer
etag
"f416fad1c9d638fb6277ec0ed0b7cefd"
vary
Accept-Encoding
x-goog-hash
crc32c=gBaw/g==, md5=9Bb60cnWOPtid+wO0LfO/Q==
x-goog-generation
1637831056772692
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6721
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:08:43 GMT
design-system_LayerNew_d5f26afff07b9e44e56e.min.js
assets.dm.de/design-system/6.8.11/
7 KB
3 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_LayerNew_d5f26afff07b9e44e56e.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d344e7e68f4552c8953aac56dd494d2cd17318d862b78ad8b324db8a4fb8cb48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:08:48 GMT
content-encoding
gzip
age
698572
x-guploader-uploadid
ADPycdv8tLzZArfKG8donU1C7Y159hMARXFIF0dgFtFTwyuV88Ofx91O15Y3LreslpsSRKZQ6zGepfaUYhz9Yng5XGrcHShmHg
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
2675
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"b8bb57761e2828e624bc0034cd9027b9"
vary
Accept-Encoding
x-goog-hash
crc32c=NUiLPQ==, md5=uLtXdh4oKOYkvAA0zZAnuQ==
x-goog-generation
1637831055534128
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2675
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:08:48 GMT
design-system_Separator_a5576de724ab2b20a3c6.min.js
assets.dm.de/design-system/6.8.11/
689 B
774 B
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_Separator_a5576de724ab2b20a3c6.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5a28abcaac5c8af9fcfccbfe6e77f5b2f9b4f881b9e3458d433ee74d12f1c2ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 09:17:52 GMT
content-encoding
gzip
age
698028
x-guploader-uploadid
ADPycdsitIk_qkEqT1mohzTO2Y_0wP1BinFJv7Qh9pFnP6WTSOSabQRkcY9zuDtEUVxF0DZks4f7PL69_Vywbe5CoQ-YIrNzCA
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
501
last-modified
Thu, 25 Nov 2021 09:04:16 GMT
server
UploadServer
etag
"8c734261d2cee089ce4a91198a926d71"
vary
Accept-Encoding
x-goog-hash
crc32c=xE6Pjw==, md5=jHNCYdLO4InOSpEZipJtcQ==
x-goog-generation
1637831056215722
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
501
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 25 Nov 2022 09:17:52 GMT
DMBrand-Medium.woff2
assets.dm.de/js-libraries/2021.1118.1057/fonts/
59 KB
59 KB
Font
General
Full URL
https://assets.dm.de/js-libraries/2021.1118.1057/fonts/DMBrand-Medium.woff2
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
02cec45dd64b5ef59a99478302a5876355a7b6bea9be1f058fb66fc05821a0b8

Request headers

Referer
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Origin
https://signin.dm.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 10:42:33 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
1211347
x-guploader-uploadid
ADPycdsOHEHFnVk1MHVryAYp9ccmjYBHHYytek10Y0AiO3gkDJmXGbl_w30qZZ5Ry7wCgJZ_jEAVcX8t1wvPXarUc8PJzHUvrA
x-goog-storage-class
REGIONAL
x-goog-metageneration
6
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
60435
last-modified
Thu, 18 Nov 2021 16:19:19 GMT
server
UploadServer
etag
"fc8e85a3701756a3848562294c2be3fc"
vary
Accept-Encoding
x-goog-hash
crc32c=6J8yaw==, md5=/I6Fo3AXVqOEhWIpTCvj/A==
x-goog-generation
1637252359194400
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=31556952
x-goog-stored-content-length
60435
accept-ranges
bytes
content-type
font/woff2
expires
Sat, 19 Nov 2022 10:42:33 GMT
design-system_EyeIcon_7e705ac5371dee130fb6.min.js
assets.dm.de/design-system/6.8.11/
1 KB
1 KB
Script
General
Full URL
https://assets.dm.de/design-system/6.8.11/design-system_EyeIcon_7e705ac5371dee130fb6.min.js
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/design-system/6.8.11/design-system_dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5f1fd147196fc91cde5a2700a075ae3a8763941ccfadc71f98201c13f88d6a91

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 08:00:27 GMT
content-encoding
gzip
age
270673
x-guploader-uploadid
ADPycdsXxxqR4jVJ3CN9yRXhR8rzsrK77ZH2ayxZVE5e-sGZa-Xcak2RGVKu0JtbDmP1CnJt0t3Ek_4LmbeeBz7RJzM
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
866
last-modified
Thu, 25 Nov 2021 09:04:15 GMT
server
UploadServer
etag
"9be05c7dea05dbcdf171359c43442daf"
vary
Accept-Encoding
x-goog-hash
crc32c=Yv71wg==, md5=m+BcfeoF283xcTWcQ0Qtrw==
x-goog-generation
1637831055334999
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
866
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 30 Nov 2022 08:00:27 GMT
truncated
/
702 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3722afbf616f94e4c92396c7ba76bc0bf6e3f3c818e7162c41364e4f6f63ef5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
languages.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/ Frame
0
0
Preflight
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/languages.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

x-guploader-uploadid
ADPycdvwZOjz-bCIlWcKJ3XyWMg95Fm9zfG35FxeX20MZRpMGNYxY5FPBOJGE1cOhLZpPWoRN5SxF5fRnwM8MNc25RjwunYZfQ
access-control-allow-origin
*
access-control-max-age
3600
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
Content-Type,Origin
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Fri, 03 Dec 2021 11:11:40 GMT
cache-control
private, max-age=0
content-length
0
server
UploadServer
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=7776000
alt-svc
clear
languages.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/
126 B
659 B
Fetch
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/languages.json
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
3676f8c6ca86fbcce085254ed740e5839dff33aaf42e074cfca7951d8ead5275
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Fri, 03 Dec 2021 11:11:38 GMT
content-encoding
gzip
age
2
x-guploader-uploadid
ADPycduk4C8Uk_EtYVUHYr8Whxo8TIUwNqVfoq2wglXEwH5jp7Uu9qiNH09NkDBxWm3GqdzieQd_DCWfBFIV5iEPzFmphYgSvQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
107
last-modified
Tue, 23 Nov 2021 14:28:53 GMT
server
UploadServer
etag
"b222d10c328372ac597e76f9bebc02a5"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=ET3VNg==, md5=siLRDDKDcqxZfnb5vrwCpQ==
x-goog-generation
1636964755361543
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10, no-transform
x-goog-stored-content-length
107
accept-ranges
bytes
content-type
application/json
expires
Fri, 03 Dec 2021 11:11:48 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/
347 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?hl=de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://signin.dm.de/
Origin
https://signin.dm.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:27:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2671
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 03 Dec 2022 10:27:09 GMT
dps-de.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/ Frame
0
0
Preflight
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/dps-de.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

x-guploader-uploadid
ADPycdtbe-LE4dxB42WXpVbeS4ZgmVDPW6nML7bxT9DTEyt5lZv-Wgh7MydwDkVjySIRgdSt3ZJDCKwYKtzQ8h89v20
access-control-allow-origin
*
access-control-max-age
3600
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
Content-Type,Origin
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Fri, 03 Dec 2021 11:11:40 GMT
cache-control
private, max-age=0
content-length
0
server
UploadServer
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=7776000
alt-svc
clear
dps-de.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/
7 KB
2 KB
Fetch
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/dps-de.json
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
4bb8f1aedc7f2cc87c1aaa62b8753ebb2e2d804d909ebd5efbf07ec87965f315
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Fri, 03 Dec 2021 11:11:38 GMT
content-encoding
gzip
age
2
x-guploader-uploadid
ADPycdtgWURgq9Ax_KMGJy2cV3t21MoYN5V1L3JClytpSQ6UwKX_rlbSgGznFApW6-kty5hvrDqK27T1DWOQ8f43O9ZWn_6lsg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
1346
last-modified
Tue, 23 Nov 2021 14:28:53 GMT
server
UploadServer
etag
"0dcb61193e20010824dbedeeb48fceb5"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=efMNig==, md5=DcthGT4gAQgk2+3utI/OtQ==
x-goog-generation
1637677732992134
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10, no-transform
x-goog-stored-content-length
1346
accept-ranges
bytes
content-type
application/json
expires
Fri, 03 Dec 2021 11:11:48 GMT
core.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/
530 B
586 B
Fetch
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/core.json
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
82d0611f82dffea0d445a0d7d8011eb04eeb97e9abfaf1544f4f4f23739314e3
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Fri, 03 Dec 2021 11:11:34 GMT
content-encoding
gzip
age
6
x-guploader-uploadid
ADPycdui_rtnsOexR7jA0X_bODfz9qwNQptpZQZUVhn4R3qzTxQRZypDaSTuCifaEAgxblyKdNm9iUStdGKtmkayodI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
335
last-modified
Tue, 23 Nov 2021 14:28:53 GMT
server
UploadServer
etag
"cdffda932879b86a7c863414ef4762f2"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=2gbXNg==, md5=zf/akyh5uGp8hjQU70di8g==
x-goog-generation
1637677732988715
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10, no-transform
x-goog-stored-content-length
335
accept-ranges
bytes
content-type
application/json
expires
Fri, 03 Dec 2021 11:11:44 GMT
core.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/ Frame
0
0
Preflight
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/core.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

x-guploader-uploadid
ADPycduaut_Wlih2s9iS54qMezaZFIHmnDpnHdZHLdeCu6IHyQjJYTsKRaWLVgQtQ-J6Vu_jjciNGoguJW3UuztIf_I
access-control-allow-origin
*
access-control-max-age
3600
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
Content-Type,Origin
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Fri, 03 Dec 2021 11:11:40 GMT
cache-control
private, max-age=0
content-length
0
server
UploadServer
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=7776000
alt-svc
clear
cross-domain-bridge.html
app.usercentrics.eu/browser-sdk/2.12.8/ Frame 40ED
5 KB
1 KB
Document
General
Full URL
https://app.usercentrics.eu/browser-sdk/2.12.8/cross-domain-bridge.html
Requested by
Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/latest/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/

Response headers

x-guploader-uploadid
ADPycdt3dTDnLy0IRKIr5HmvQ0YhRAgA0RGX9X4Cr1DVejfPPNpdO1mdGGmUm_L1hMknL7T0J3ihr9L0j-4ITzp99cMqJe__wg
date
Wed, 01 Dec 2021 08:11:43 GMT
expires
Fri, 31 Dec 2021 08:11:43 GMT
last-modified
Tue, 30 Nov 2021 10:08:54 GMT
etag
"40a7a80e0eeef11d8e22ce4e8081a5a3"
x-goog-generation
1638266934178070
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
1123
content-type
text/html
content-encoding
gzip
x-goog-hash
crc32c=IVQyyw== md5=QKeoDg7u8R2OIs5OgIGlow==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
1123
access-control-allow-origin
*
access-control-expose-headers
Content-Type Content-Length Transfer-Encoding
server
UploadServer
age
183597
cache-control
public, max-age=2592000, no-transform
strict-transport-security
max-age=7776000
alt-svc
clear
1px.png
app.usercentrics.eu/session/
489 B
836 B
Image
General
Full URL
https://app.usercentrics.eu/session/1px.png?settingsId=GQ5XCUXY9
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:51:43 GMT
content-encoding
gzip
age
1197
x-guploader-uploadid
ADPycdsmcupv7YQNdctpVhJ9C0D-F9q3umGGsCmxX2-Fov9P2TZ0TFaOgxGEKZ8afRjXnVqss0NaaVY4qk_Ich58pq_8sw-x3Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
522
last-modified
Fri, 08 May 2020 09:06:13 GMT
server
UploadServer
etag
"3702ada73b8951017b8451cbd6a96523"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
x-goog-generation
1588928773413784
cache-control
public,max-age=1800,no-transform
x-goog-stored-content-length
522
accept-ranges
bytes
content-type
image/png
expires
Fri, 03 Dec 2021 11:21:43 GMT
de.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/
29 KB
8 KB
Fetch
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/de.json
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
2563c10cf64a8fc6ec75008fbc39ba2b9ae09fd3e785e4eb7e2eec7c308aeb6f
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Fri, 03 Dec 2021 11:11:38 GMT
content-encoding
gzip
age
3
x-guploader-uploadid
ADPycdsDcP6HeGb2JDDUK0EPUsadB0Yg_wG6tg_EDxpg4diJo3RjnNid1ugwhmbozJOdYUcGJat_nC1ZxZ6HhrwI9Nc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
8279
last-modified
Tue, 23 Nov 2021 14:28:53 GMT
server
UploadServer
etag
"de8c2230f4350e64197192e20aa35eaa"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=0si1lw==, md5=3owiMPQ1DmQZcZLiCqNeqg==
x-goog-generation
1637677732983072
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10, no-transform
x-goog-stored-content-length
8279
accept-ranges
bytes
content-type
application/json
expires
Fri, 03 Dec 2021 11:11:48 GMT
de.json
api.usercentrics.eu/settings/GQ5XCUXY9/latest/ Frame
0
0
Preflight
General
Full URL
https://api.usercentrics.eu/settings/GQ5XCUXY9/latest/de.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

x-guploader-uploadid
ADPycdtceaWc6ebM-e3m2i2984rjDVauJtH2HWaQQieaj5ZPrZt-pd-Jdznut2U_J1iTbL5LJ9yEoPOuMsbWIwfd0DA
access-control-allow-origin
*
access-control-max-age
3600
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
Content-Type,Origin
date
Fri, 03 Dec 2021 11:11:40 GMT
expires
Fri, 03 Dec 2021 11:11:40 GMT
cache-control
private, max-age=0
content-length
0
server
UploadServer
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=7776000
alt-svc
clear
de
aggregator.service.usercentrics.eu/aggregate/
75 KB
10 KB
Fetch
General
Full URL
https://aggregator.service.usercentrics.eu/aggregate/de?templates=04-zirlyd@3.2.11,0j_ZFVxzP@3.1.7,4Sw0Se1ko@2.1.9,4pWGT3Gbp@2.1.8,5znn6Q5K2@3.1.10,7Pa6xM8iu@3.3.8,BZBd9foiZ@3.2.8,BfyCQ03TY@3.1.9,Ez77BqgNY@5.3.20,HVkEaeYk-@3.1.12,JDzyzXLOL@4.1.7,JpNpnWSgn@9.3.24,L9XQsP9Eg@7.3.17,XwP1fxgyc@2.1.9,a4NZq5Ydr@2.1.9,gTXpE6mwh@2.0.10,kT2Q2DvrN@4.1.10,rIK6GXZs2@2.0.7,xO4pVRK_j@3.1.9
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
a91fe67eebef93417306ab06b05c1995aa3ee63f19b03eb8b0694c447da16703

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Tue, 30 Nov 2021 14:29:00 GMT
content-encoding
br
server
Google Frontend
age
247361
etag
"11uzsnk"
vary
Accept-Encoding, accept-encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=604800
alt-svc
clear
content-length
10188
via
1.1 google
de
aggregator.service.usercentrics.eu/aggregate/ Frame
0
0
Preflight
General
Full URL
https://aggregator.service.usercentrics.eu/aggregate/de?templates=04-zirlyd@3.2.11,0j_ZFVxzP@3.1.7,4Sw0Se1ko@2.1.9,4pWGT3Gbp@2.1.8,5znn6Q5K2@3.1.10,7Pa6xM8iu@3.3.8,BZBd9foiZ@3.2.8,BfyCQ03TY@3.1.9,Ez77BqgNY@5.3.20,HVkEaeYk-@3.1.12,JDzyzXLOL@4.1.7,JpNpnWSgn@9.3.24,L9XQsP9Eg@7.3.17,XwP1fxgyc@2.1.9,a4NZq5Ydr@2.1.9,gTXpE6mwh@2.0.10,kT2Q2DvrN@4.1.10,rIK6GXZs2@2.0.7,xO4pVRK_j@3.1.9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

vary
Origin, Access-Control-Request-Headers
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers
content-type
access-control-max-age
86400
x-cloud-trace-context
6d8135e1626e8d2ac485f3ca655f0565
date
Fri, 03 Dec 2021 11:11:41 GMT
content-type
text/html
server
Google Frontend
content-length
0
via
1.1 google
alt-svc
clear
anchor
www.recaptcha.net/recaptcha/enterprise/ Frame D506
40 KB
20 KB
Document
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e1e2415e80fdb9c6fca8302455484db2e628abcf91e237d37d3d0c4f4ecca430
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OrfXt1xJN99NPxNO1AgVfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 03 Dec 2021 11:11:41 GMT
content-security-policy
script-src 'report-sample' 'nonce-OrfXt1xJN99NPxNO1AgVfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
20872
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
translations-de.json
api.usercentrics.eu/translations/
7 KB
3 KB
Fetch
General
Full URL
https://api.usercentrics.eu/translations/translations-de.json
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b363f0a47bc38a40c1282d2b24aa85128b9ad2e8ac099658ef1e3191fcef3c88
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Thu, 02 Dec 2021 23:10:03 GMT
content-encoding
gzip
vary
Accept-Encoding
age
43298
x-guploader-uploadid
ADPycdtB5LGhJLfKAVKJEVMJz9IKUboUfm02z0d-ngC9IEy8zCsCgbzk9wapMTt8fgt0lx7iLNUwLT2NMFXo_xNjU0s
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
2341
last-modified
Mon, 22 Nov 2021 16:24:39 GMT
server
UploadServer
etag
"0aacb08a508877dc40207dbfa7eec56d"
strict-transport-security
max-age=7776000
x-goog-hash
crc32c=nqUTFQ==, md5=CqywilCId9xAIH2/p+7FbQ==
x-goog-generation
1637598279343086
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400, s-maxage=86400
x-goog-stored-content-length
2341
accept-ranges
bytes
content-type
application/json
expires
Fri, 03 Dec 2021 23:10:03 GMT
translations-de.json
api.usercentrics.eu/translations/ Frame
0
0
Preflight
General
Full URL
https://api.usercentrics.eu/translations/translations-de.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

x-guploader-uploadid
ADPycdtP9-ya04K0nqMuYylRabF9C_F16X-ljINzEm4vtr-todg2bC_4_KRHiurCpaqDH028QDLGMmK-t3E0LjWdBUk
access-control-allow-origin
*
access-control-max-age
3600
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
Content-Type,Origin
date
Fri, 03 Dec 2021 11:11:41 GMT
expires
Fri, 03 Dec 2021 11:11:41 GMT
cache-control
private, max-age=0
content-length
0
server
UploadServer
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=7776000
alt-svc
clear
graphql
graphql.usercentrics.eu/ Frame
0
0
Preflight
General
Full URL
https://graphql.usercentrics.eu/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
access-control-allow-origin,content-type,x-request-id
Origin
https://signin.dm.de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 03 Dec 2021 11:11:41 GMT
content-length
0
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
access-control-allow-origin,content-type,x-request-id
via
1.1 google
alt-svc
clear
graphql
graphql.usercentrics.eu/
2 KB
945 B
Fetch
General
Full URL
https://graphql.usercentrics.eu/graphql
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/2021.1118.1057/js/libraries-dm.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/ Express
Resource Hash
d5140a9a235c280fe2786bf8453f955f956ce0e1fb9832af61ee5af999ac651a

Request headers

Access-Control-Allow-Origin
*
Accept
application/json
Referer
https://signin.dm.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
X-Request-ID
0f2ba1dd-c501-4605-a9ba-50564d43e4c1
content-type
application/json

Response headers

date
Fri, 03 Dec 2021 11:11:41 GMT
content-encoding
gzip
etag
W/"628-v2jIOkvYDk6uPbPJvvTbUEbgNNA"
x-powered-by
Express
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
alt-svc
clear
via
1.1 google
uct
uct.service.usercentrics.eu/
0
0

dm-ds-brand.svg
assets.dm.de/design-system/prod/assets/
2 KB
1 KB
Image
General
Full URL
https://assets.dm.de/design-system/prod/assets/dm-ds-brand.svg
Requested by
Host: signin.dm.de
URL: https://signin.dm.de/dm-de/authentication/web-login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
52eab6899f80be9cccc850d45c735af902b67d94f82ebb02eb9dff28d0940f0d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:09:34 GMT
content-encoding
gzip
age
127
x-guploader-uploadid
ADPycdvABDts4Ikm-2ota0WZwlJZK19F1USPMHo8WObkAZJ61-BWjtg5lNxhbemWjG4HlzI6tj2F5T5lmdSn7qdWqiM
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
1199
last-modified
Thu, 02 Dec 2021 11:06:19 GMT
server
UploadServer
etag
"3ce0d74f9a58616c1e4c99a25cf9fe7a"
vary
Accept-Encoding
x-goog-hash
crc32c=FgNVmw==, md5=PODXT5pYYWweTJmiXPn+eg==
x-goog-generation
1638443179215449
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=1800
x-goog-stored-content-length
1199
accept-ranges
bytes
content-type
image/svg+xml
expires
Fri, 03 Dec 2021 11:39:34 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame D506
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:27:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2666
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24065
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 03 Dec 2022 10:27:15 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame D506
347 KB
135 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:27:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2672
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 03 Dec 2022 10:27:09 GMT
DMBrand-Bold.woff2
assets.dm.de/js-libraries/2021.1118.1057/fonts/
59 KB
60 KB
Font
General
Full URL
https://assets.dm.de/js-libraries/2021.1118.1057/fonts/DMBrand-Bold.woff2
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
13259848536be75c3cfd3feba67ef5d90e89fbd6b252583da07e77e81f71e35d

Request headers

Referer
https://assets.dm.de/js-libraries/prod/css/dm-base.min.css
Origin
https://signin.dm.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 10:42:33 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1637252175
age
1211348
x-guploader-uploadid
ADPycdsQ_o5rFdOxmXVuwJaeMFyqgboYKS1gHPqjgJWTElNBNvtAjChzNA-DZDquogPE1ZOFJNcqpyg_Wg7wmFCcfZoTO9vz2Q
x-goog-storage-class
REGIONAL
x-goog-metageneration
6
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
60873
last-modified
Thu, 18 Nov 2021 16:19:19 GMT
server
UploadServer
etag
"f98e482df925634dfcf85b04cc2c540b"
vary
Accept-Encoding
x-goog-hash
crc32c=s6ttCg==, md5=+Y5ILfklY038+FsEzCxUCw==
x-goog-generation
1637252359064638
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=31556952
x-goog-stored-content-length
60873
accept-ranges
bytes
content-type
font/woff2
expires
Sat, 19 Nov 2022 10:42:33 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame D506
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 07:03:19 GMT
x-content-type-options
nosniff
age
14902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 10 Dec 2021 07:03:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D506
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.recaptcha.net/
Origin
https://www.recaptcha.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:06:41 GMT
x-content-type-options
nosniff
age
237900
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 17:06:41 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D506
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.recaptcha.net/
Origin
https://www.recaptcha.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 14:17:54 GMT
x-content-type-options
nosniff
age
248027
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 14:17:54 GMT
webworker.js
www.recaptcha.net/recaptcha/enterprise/ Frame D506
102 B
134 B
Other
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/webworker.js?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
23d4875896a0991fa45cd27b4935dc479b16e1a0774d10cf2d7ccc5406ef2764
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY&co=aHR0cHM6Ly9zaWduaW4uZG0uZGU6NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&sa=login&cb=vlbzojbn422y
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Fri, 03 Dec 2021 11:11:41 GMT
bframe
www.recaptcha.net/recaptcha/enterprise/ Frame B4F4
7 KB
1 KB
Document
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f8dfd8b5ff21492b0aa231cef9c6067d0cbc4fae6a4371e9f13b96dddc5d142b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zLPd122mWxXZ66h+U8JvoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 03 Dec 2021 11:11:41 GMT
content-security-policy
script-src 'report-sample' 'nonce-zLPd122mWxXZ66h+U8JvoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1118
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame B4F4
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:27:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2666
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24065
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 03 Dec 2022 10:27:15 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame B4F4
347 KB
135 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 10:27:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2672
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 03 Dec 2022 10:27:09 GMT
index_de_storage.html
sandbox.om.dm.de/LATEST/ Frame 1D91
197 B
679 B
Document
General
Full URL
https://sandbox.om.dm.de/LATEST/index_de_storage.html?iframeId=OM_STORAGE_FRAME&p
Requested by
Host: assets.dm.de
URL: https://assets.dm.de/om/api/prod/om-api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cebcafb2948b59846a8990041ff37040b0f2c209c19bb360aed5e608f6669423

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://signin.dm.de/

Response headers

x-guploader-uploadid
ADPycdsDl1F_HVofnRhd-6Wk2apyw6CnD3SmFqBoLQlJOqxWomknFsxWqQ5COj7D9gwQ1RUWZm5OrZuiAhXnRvFlsKI
date
Fri, 03 Dec 2021 11:10:24 GMT
expires
Fri, 03 Dec 2021 11:12:24 GMT
last-modified
Wed, 01 Dec 2021 12:26:53 GMT
etag
"3ea8521e655928acff970ad6edb7dcee"
x-goog-generation
1638361613044272
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
180
x-goog-meta-goog-reserved-file-mtime
1638353916
content-type
text/html
content-encoding
gzip
x-goog-hash
crc32c=ujUutg== md5=PqhSHmVZKKz/lwrW7bfc7g==
x-goog-storage-class
REGIONAL
accept-ranges
bytes
vary
Accept-Encoding
content-length
180
server
UploadServer
age
77
cache-control
public,max-age=120
alt-svc
clear
reload
www.recaptcha.net/recaptcha/enterprise/ Frame B4F4
36 KB
22 KB
XHR
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/reload?k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ec9d944f366c722328ab981eb6383dd2ca3dc025571ff6aafca2a70b100da75e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Fri, 03 Dec 2021 11:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22085
x-xss-protection
1; mode=block
expires
Fri, 03 Dec 2021 11:11:41 GMT
storage.js
sandbox.om.dm.de/LATEST/ Frame 1D91
5 KB
3 KB
Script
General
Full URL
https://sandbox.om.dm.de/LATEST/storage.js
Requested by
Host: sandbox.om.dm.de
URL: https://sandbox.om.dm.de/LATEST/index_de_storage.html?iframeId=OM_STORAGE_FRAME&p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.161.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.161.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41801fc22f5becc378bb77bc7903b9261224c38837b130b862847eb4ec3d6845

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sandbox.om.dm.de/LATEST/index_de_storage.html?iframeId=OM_STORAGE_FRAME&p
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:10:31 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1638353916
age
70
x-guploader-uploadid
ADPycdsy4nzZaV7zDjScypeGgcxYxL28wBYghWnxwTaOdvhI4z47o2-XWUhmVhg4TNcFQrQ7WkmKm9gcKBBDDbpXN-fyC6iTUw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
2397
last-modified
Wed, 01 Dec 2021 12:26:53 GMT
server
UploadServer
etag
"b9cea509200bf58f26984a219845a2a8"
vary
Accept-Encoding
x-goog-hash
crc32c=oY/whQ==, md5=uc6lCSAL9Y8mmEohmEWiqA==
x-goog-generation
1638361613312649
cache-control
public,max-age=120
x-goog-stored-content-length
2397
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 03 Dec 2021 11:12:31 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame B4F4
600 B
624 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 19:52:10 GMT
x-content-type-options
nosniff
age
227971
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
600
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Tue, 07 Dec 2021 19:52:10 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame B4F4
530 B
554 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 05:44:53 GMT
x-content-type-options
nosniff
age
192408
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
530
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 08 Dec 2021 05:44:53 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame B4F4
665 B
689 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 11:26:47 GMT
x-content-type-options
nosniff
age
171894
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
665
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 08 Dec 2021 11:26:47 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B4F4
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.recaptcha.net/
Origin
https://www.recaptcha.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 17:06:41 GMT
x-content-type-options
nosniff
age
237900
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 17:06:41 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B4F4
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.recaptcha.net/
Origin
https://www.recaptcha.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 29 Nov 2021 21:19:14 GMT
x-content-type-options
nosniff
age
309147
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 29 Nov 2022 21:19:14 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B4F4
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.recaptcha.net/
Origin
https://www.recaptcha.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 14:17:54 GMT
x-content-type-options
nosniff
age
248027
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 14:17:54 GMT
payload
www.recaptcha.net/recaptcha/enterprise/ Frame B4F4
21 KB
21 KB
Image
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/payload?p=06AGdBq26-oCVSGU3m-ukcdGemBx3KJZLM_KFtAWd-xliyCu_VL_TQLUhYdHHWRd1isvgEzkQDyhFnLYzxTqZ8kv-GB6x8CQJpy_TqHXxls3cDU4dYSLsvLcI92BWAu19_Iqxc8Ob-c4ELY1Y7ffh3id94VsrPjGnYIrFbkQf2U6k-fx54YazBdfEfGJxyETjDG5iKPFI0lf6P-Q_D31qZv_AEBlON8KE7eA&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9ef98e87b427010e5c091d88789e54f63d8cc90e5e9772fc98c0d8dd1f27956d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6Lf9eMMZAAAAAHBIsILdTE0o3jZNLdbTxzwwSTqY
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 11:11:41 GMT
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21331
x-xss-protection
1; mode=block
expires
Fri, 03 Dec 2021 11:11:41 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
uct.service.usercentrics.eu
URL
https://uct.service.usercentrics.eu/uct?v=1&cid=bbe632227857c1e4eba433cf9bcd98139411a8d3ee243528514ce134d1b13161&sid=GQ5XCUXY9&t=1&r=https%3A%2F%2Fsignin.dm.de%2Fdm-de%2Fauthentication%2Fweb-login&cb=1638529901180

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| site object| langs string| host string| lang object| __core-js_shared__ object| core object| DD_LOGS object| DmAbtestRegistry object| reducerRegistry object| store object| i18next object| BrowserLogs object| DmAbtestApi object| DmBreakpoint object| DmDataProvider object| DmDeviceProvider object| DmErrorBoundary object| DmGlobalConfig object| DmI18n object| DmLinkWrapper object| DmReduxStoreProvider function| Find function| axios object| I18Next object| PropTypes object| React object| ReactDOM object| ReactHelmet function| ReactHtmlClassname object| ReactI18Next object| ReactIntl object| ReactRedux object| ReactRouter object| ReactRouterDom object| ReactYoutube object| Recompose object| Redux object| ReduxDevTools object| ReduxThunk function| YoutubePlayer object| default object| ReactInit object| dmUi object| DmStyleProvider object| DmStyleConfig object| BodyScrollLock object| ReactFocusLock object| ReactTransitionGroup object| webpackJsonp_designSystem object| validationErrorMessages object| authentication object| dmSettings object| __tti object| DmOmTypes object| DmInsightsApi object| DmCustomerConsentApi object| DmEngageApi object| DmConversionsApi object| DmPiiFilterApi object| DmOmInitApi object| omModules object| omConfig object| mmCartUtils object| mmBehaviourUtils object| dmWebTracker object| DmOmApi object| felaRenderer function| recaptchaSubmitCallback function| recaptchaErrorCallback function| recaptchaExpiredCallback function| __import__ boolean| UC_UI_IS_RENDERED string| __webpack_nonce__ object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| closure_lm_130217 object| dataLayer object| UC_UI

7 Cookies

Domain/Path Name / Value
www.recaptcha.net/recaptcha Name: _GRECAPTCHA
Value: 09ABBMTcMtfv7sQHin59OwSG6X1SKTb6n_TO_zw3a2B5WqxpiWebPKbrDqTeRTARzlwzqHduQ5LGFPzH_Wi-ovQ0M
signin.dm.de/ Name: ssm
Value: ssm
signin.dm.de/ Name: sessionid
Value: 61a9fb6c-b51cc2ca-1860-477d-b799-8ca7e9e1f56e###36ee4656d238a6337d1d3540f524b20ad41fe287c9ccca12a18f93f3ee93301f
signin.dm.de/ Name: _sessionid
Value: 61a9fb6c-b51cc2ca-1860-477d-b799-8ca7e9e1f56e###36ee4656d238a6337d1d3540f524b20ad41fe287c9ccca12a18f93f3ee93301f
signin.dm.de/ Name: _dd_s
Value: logs=1&id=5d8e00ae-6de7-436c-8e87-27de8e64fec5&created=1638529900566&expire=1638530800566
.dm.de/ Name: AB_BAER-6903
Value: a
.dm.de/ Name: dm_ucControllerId
Value: bbe632227857c1e4eba433cf9bcd98139411a8d3ee243528514ce134d1b13161

1 Console Messages

Source Level URL
Text
security error URL: https://signin.dm.de/dm-de/authentication/web-login
Message:
Refused to load the image 'https://uct.service.usercentrics.eu/uct?v=1&cid=bbe632227857c1e4eba433cf9bcd98139411a8d3ee243528514ce134d1b13161&sid=GQ5XCUXY9&t=1&r=https%3A%2F%2Fsignin.dm.de%2Fdm-de%2Fauthentication%2Fweb-login&cb=1638529901180' because it violates the following Content Security Policy directive: "img-src 'self' data: https://assets.dm.de https://ssl.hurra.com https://app.usercentrics.eu https://img.usercentrics.eu".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' https://assets.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;font-src data: https://assets.dm.de https://*.usercentrics.eu;style-src 'unsafe-inline' https://assets.dm.de https://*.usercentrics.eu;img-src 'self' data: https://assets.dm.de https://linkmaker.itunes.apple.com https://play.google.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com;frame-src 'self' https://www.dm.de https://checkout.dm.de https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://signin.dm.de https://paint-prod.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://sandbox.om.dm.de;frame-ancestors 'self' https://www.dm.de https://signin.dm.de;connect-src 'self' https://www.dm.de https://kuba-prod.services.dmtech.com https://signin.dm.de https://paint-prod.services.dmtech.com https://www.payback.de https://www.payback.at https://images.payback.at https://www.payback.pl https://images.payback.pl https://happychild-prod.services.dmtech.com https://orderhistory-prod.services.dmtech.com https://*.usercentrics.eu https://exc.mm.dm.de https://del.mm.dm.de https://con.mm.dm.de https://ssl.hurra.com https://assets.dm.de https://ebon-prod.services.dmtech.com;base-uri 'self';form-action 'self' https://www.dm.de https://signin.dm.de https://*.usercentrics.eu;upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.dm.de
accounts.dm.de
aggregator.service.usercentrics.eu
api.usercentrics.eu
app.usercentrics.eu
assets.dm.de
fonts.gstatic.com
graphql.usercentrics.eu
sandbox.om.dm.de
signin.dm.de
uct.service.usercentrics.eu
www.gstatic.com
www.recaptcha.net
uct.service.usercentrics.eu
2600:1901:0:256b::
2600:1901:0:5987::
2600:1901:0:7903::
2600:1901:0:c07c::
2a00:1450:4001:80f::2003
2a00:1450:4001:827::2003
2a00:1450:4001:831::2003
35.201.94.164
35.244.161.140
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
02cec45dd64b5ef59a99478302a5876355a7b6bea9be1f058fb66fc05821a0b8
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
0e0e69340e5b4ffdd8dd91cee9ada3077916687aca9092491cc8e7f457cc3112
12c36848f35565f6b17bd5928b3338e58bba76c68c0107ed31da8ab2df72c1df
13259848536be75c3cfd3feba67ef5d90e89fbd6b252583da07e77e81f71e35d
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c925462a7954bc34df807f354fbb27410954acea7d56839dd5ded7655fe45d8
1d681d1296b0d17c6e9cff5cd29255b304c4d27833c4acd7004d4c04776e57c3
23d4875896a0991fa45cd27b4935dc479b16e1a0774d10cf2d7ccc5406ef2764
2563c10cf64a8fc6ec75008fbc39ba2b9ae09fd3e785e4eb7e2eec7c308aeb6f
2769f52082319160fae846f1e9c28d7d9c60e6fb4fb20c15c668db7f9bbfc5ef
2b48cddeae893a736f1506be74baf28feab21148d2ddabe477b6a7703b699b4a
3103bbadcd955d27092b13e344ad188c754807a4c0150ee685c716b2691e93a1
3654ff6602d11d5378bc694205dc207eaebd360fb240602b8adbc7ae2f310391
3676f8c6ca86fbcce085254ed740e5839dff33aaf42e074cfca7951d8ead5275
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41801fc22f5becc378bb77bc7903b9261224c38837b130b862847eb4ec3d6845
440d943f370eb7a31e6e981e305841adb312f561e4dc8f9d5f78d66359fce768
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
452f0ccba0a751a2b13eaed16d5f2de38817429231f90f1435087615bea20f65
4bb8f1aedc7f2cc87c1aaa62b8753ebb2e2d804d909ebd5efbf07ec87965f315
4d1f196e7542e0f314a7a0ddaf20b67435fca529aef0e2131f9aad99f8f85c43
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
52eab6899f80be9cccc850d45c735af902b67d94f82ebb02eb9dff28d0940f0d
5324c7fb79c1930a503894dadba9a9c480c7f65929f859b2d39d9db8938b707d
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a28abcaac5c8af9fcfccbfe6e77f5b2f9b4f881b9e3458d433ee74d12f1c2ce
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b84a9f551f667b94c3d2baa0ad2de46dee7ce87720d7bf5dcf7a0011ff84a53
5f1fd147196fc91cde5a2700a075ae3a8763941ccfadc71f98201c13f88d6a91
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
72f2433e4821fea84a1fafee7ea4a87c0c88e4c1bd85964537ba0d45a166b53f
72fd6a9a969e08d0892cce9a8164616fc4a6f07be8aaa65201cf6e7755640952
737f77a7a1a4d0d0bdf35afa559dcf317b3e4f63c72e54dbc5d98255ee4030e6
7acc9628d851907184b2b12912f5b373cb6c982eef9f2e38ddd90745888a6c76
8011ef0e300cb037130310c4b6d202b0b3ec7fc6991b661ab2849f656e7adb99
807c6adc39c41a50b61d39a5e81bf900451e504de7fdb720104b0a87e2e0fb17
82d0611f82dffea0d445a0d7d8011eb04eeb97e9abfaf1544f4f4f23739314e3
8456324d4fc6dec5cce5a1fe3f11da03d2b7de063f8dd3fe8132f2dc5696b257
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8bec545689028c2c3dcc1cc4c32626d1c941403db3c9bae600c5cc80b501911c
9ef98e87b427010e5c091d88789e54f63d8cc90e5e9772fc98c0d8dd1f27956d
9ffade704941227cf24ae72984b790b5d5a814ba1321e21db137fcb2d82b2f80
a76022344510c87c57781b6f43dffc4be265d2dc5dea3aa74450eea8895a611b
a91fe67eebef93417306ab06b05c1995aa3ee63f19b03eb8b0694c447da16703
b363f0a47bc38a40c1282d2b24aa85128b9ad2e8ac099658ef1e3191fcef3c88
b92c8e19dbeb9c84f7e4ea094be60500424fb43879afa5cdd617f8de8d3fc5a3
bfa7061d345823fcecc5a876900538a5563907dbccbda00a3b073b0abbc49fe0
c6a6224a39f0f79e5fc6f63724160d67e203535eda6a8422f074359ea422694c
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
ca0be7ed9cb33547f0867a320aa398abb7c8f5851e605625ea823b0b4b6d9d9d
cebcafb2948b59846a8990041ff37040b0f2c209c19bb360aed5e608f6669423
d344e7e68f4552c8953aac56dd494d2cd17318d862b78ad8b324db8a4fb8cb48
d5140a9a235c280fe2786bf8453f955f956ce0e1fb9832af61ee5af999ac651a
daf369f225f35c5a01f0b51c02ce56df61b27cbc872cd3e929fc67e42aea81ff
e1e2415e80fdb9c6fca8302455484db2e628abcf91e237d37d3d0c4f4ecca430
e50cb0108ac6dc7c70a48886e3262442fba8ec289a46f330d44945bb81e0458b
ec9d944f366c722328ab981eb6383dd2ca3dc025571ff6aafca2a70b100da75e
f3722afbf616f94e4c92396c7ba76bc0bf6e3f3c818e7162c41364e4f6f63ef5
f8dfd8b5ff21492b0aa231cef9c6067d0cbc4fae6a4371e9f13b96dddc5d142b
ff4d295bc113a05783323b28da491a0f78272e814de418b6026954f4c38b1a1e