spotify.design Open in urlscan Pro
2001:4860:4802:32::15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5Cy...
Effective URL:
https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-...
Submission: On October 28 via api (October 28th 2022, 3:37:23 pm UTC) from US — Scanned from DE

Summary HTTP 71 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 71 HTTP transactions. The main IP is 2001:4860:4802:32::15, located in United States and belongs to GOOGLE, US. The main domain is spotify.design.
TLS certificate: Issued by GTS CA 1D4 on September 25th 2022. Valid for: 3 months.

This is the only time spotify.design was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
44	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a04:4e42:62:... 2a04:4e42:62::760	54113 (FASTLY) (FASTLY)
4	2600:9000:225... 2600:9000:225e:a200:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:929e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1901:0:5... 2600:1901:0:524d::	15169 (GOOGLE) (GOOGLE)
6	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
71	10

2 2606:2c40::c73c:67e4 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

creative.artisantalent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE, US)

spotify.design	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)

sdk.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225e:a200:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:929e (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:524d:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)

api.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	spotify.design spotify.design	915 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 403	194 KB
7	spotify.com apresolve.spotify.com — Cisco Umbrella Rank: 878 api.spotify.com — Cisco Umbrella Rank: 2341	826 B
4	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3836	83 KB
3	scdn.co sdk.scdn.co — Cisco Umbrella Rank: 496893	176 KB
2	artisantalent.com 1 redirects creative.artisantalent.com	4 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 691	262 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	50 KB
71	9

	Domain	Requested by
44	spotify.design	creative.artisantalent.com spotify.design
9	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
6	api.spotify.com	sdk.scdn.co
4	images.ctfassets.net	spotify.design
3	sdk.scdn.co	spotify.design sdk.scdn.co
2	creative.artisantalent.com	1 redirects
1	apresolve.spotify.com	sdk.scdn.co
1	geolocation.onetrust.com	cdn.cookielaw.org
1	www.google-analytics.com	sdk.scdn.co
1	www.googletagmanager.com	spotify.design
71	10

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.twitter.com
newsroom.spotify.com
twitter.com
www.spotifyjobs.com
www.spotify.com
engineering.atspotify.com
research.atspotify.com
medium.com
tcf.cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
creative.artisantalent.com Cloudflare Inc ECC CA-3	`2022-05-20` - `2023-05-20`	a year	crt.sh
spotify.design GTS CA 1D4	`2022-09-25` - `2022-12-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.scdn.co DigiCert TLS RSA SHA256 2020 CA1	`2022-08-02` - `2023-08-02`	a year	crt.sh
images.ctfassets.net Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-06` - `2023-04-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Frame ID: EAEEC0C482B663D6265194231FEA8C1C
Requests: 61 HTTP requests in this frame

Frame: https://sdk.scdn.co/embedded/index.html
Frame ID: 7BD69A35E1F06C68F6C64B3D7964EDFA
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Backstage Tickets to the World of Service Design at Spotify | Spotify DesignBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-W... Page URL
https://creative.artisantalent.com/events/public/v1/encoded/track/tc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7q... HTTP 307
https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_camp... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

71
Requests

100 %
HTTPS

100 %
IPv6

9
Domains

10
Subdomains

10
IPs

2
Countries

1444 kB
Transfer

4813 kB
Size

3
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/spotify.design/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.twitter.com/spotify.design/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://newsroom.spotify.com/2022-09-20/with-audiobooks-launching-in-the-u-s-today-spotify-is-the-home-for-all-the-audio-you-love/
Title: Audiobooks

Search URL Search Domain Scan URL

URL: https://newsroom.spotify.com/2022-05-03/spotify-island-brings-new-experiences-for-fans-and-artists-to-roblox/
Title: Roblox

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gracehyejinkwon/
Title: Read More

Search URL Search Domain Scan URL

URL: https://twitter.com/marcorighetto
Title: Read More

Search URL Search Domain Scan URL

URL: https://newsroom.spotify.com/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.spotifyjobs.com/
Title: Spotify Jobs

Search URL Search Domain Scan URL

URL: https://www.spotify.com/
Title: Spotify.com

Search URL Search Domain Scan URL

URL: https://engineering.atspotify.com/
Title: Spotify R&D Engineering

Search URL Search Domain Scan URL

URL: https://research.atspotify.com/
Title: Spotify R&D Research

Search URL Search Domain Scan URL

URL: https://medium.com/spotify-insights
Title: Spotify R&D Insights

Search URL Search Domain Scan URL

URL: https://twitter.com/spotifydesign
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.spotify.com/uk/legal/end-user-agreement/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.spotify.com/uk/legal/privacy-policy/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.spotify.com/uk/legal/cookies-policy/
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.spotify.com/uk/account/apps/
Title: Revoke access

Search URL Search Domain Scan URL

URL: https://www.spotify.com/legal/cookies-policy/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://tcf.cookiepedia.co.uk/?lang=en
Title: | View Full Legal Text Opens in a new Tab

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6PHjBsW3rS-NQ4RhGjgW59LLxl4gR5SxW8NVwDw4Q4Gd8W7CKn3Q93HlCNN315L-lg48SLW4g0hjV5RmlZLW8012nD1XkPN8W3TY1PJ6xl13fW8HGyQm5MWqVMW199nkb761ftvW2ZCrgx2CB34HV766Nb3513fJW7yMP7W8H3s74W80SxRj9j2vwYW5VYMRs5ChDH4N1W4sxtscrjDW7tk4Ck2-fK2lW6ZhwMV1m5qBcW4jKt7v7-7yT73hPh1 Page URL
https://creative.artisantalent.com/events/public/v1/encoded/track/tc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6PHjBsW3rS-NQ4RhGjgW59LLxl4gR5SxW8NVwDw4Q4Gd8W7CKn3Q93HlCNN315L-lg48SLW4g0hjV5RmlZLW8012nD1XkPN8W3TY1PJ6xl13fW8HGyQm5MWqVMW199nkb761ftvW2ZCrgx2CB34HV766Nb3513fJW7yMP7W8H3s74W80SxRj9j2vwYW5VYMRs5ChDH4N1W4sxtscrjDW7tk4Ck2-fK2lW6ZhwMV1m5qBcW4jKt7v7-7yT73hPh1?_ud=177388ef-7e13-4d69-9d25-99465f373ea5&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6P...
creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/ 10 KB
4 KB 413ms
162ms Document
text/html 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6PHjBsW3rS-NQ4RhGjgW59LLxl4gR5SxW8NVwDw4Q4Gd8W7CKn3Q93HlCNN315L-lg48SLW4g0hjV5RmlZLW8012nD1XkPN8W3TY1PJ6xl13fW8HGyQm5MWqVMW199nkb761ftvW2ZCrgx2CB34HV766Nb3513fJW7yMP7W8H3s74W80SxRj9j2vwYW5VYMRs5ChDH4N1W4sxtscrjDW7tk4Ck2-fK2lW6ZhwMV1m5qBcW4jKt7v7-7yT73hPh1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
cf-cache-status: MISS
cf-ray: 7614c0790dbc0bbc-AMS
content-encoding: br
content-type: text/html;charset=utf-8
date: Fri, 28 Oct 2022 15:37:17 GMT
last-modified: Fri, 28 Oct 2022 15:37:17 GMT
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-hs-https-only: worker
x-hubspot-correlation-id: 77c28348-79e5-4ab9-a7b2-ad39943014fa
x-robots-tag: none

GET
H2

200

Primary Request backstage-tickets-to-the-world-of-service-design-at-spotify Show response
spotify.design/article/
Redirect Chain

https://creative.artisantalent.com/events/public/v1/encoded/track/tc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8...
https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU...

228 KB
50 KB

212ms
67ms

Document
text/html

2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email

Requested by

Host: creative.artisantalent.com
URL: https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6PHjBsW3rS-NQ4RhGjgW59LLxl4gR5SxW8NVwDw4Q4Gd8W7CKn3Q93HlCNN315L-lg48SLW4g0hjV5RmlZLW8012nD1XkPN8W3TY1PJ6xl13fW8HGyQm5MWqVMW199nkb761ftvW2ZCrgx2CB34HV766Nb3513fJW7yMP7W8H3s74W80SxRj9j2vwYW5VYMRs5ChDH4N1W4sxtscrjDW7tk4Ck2-fK2lW6ZhwMV1m5qBcW4jKt7v7-7yT73hPh1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4e3178d4c0da5ab0364b00e9deb2465535b9b667ee20386523e5f1836e653037

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://creative.artisantalent.com/e3t/Ctc/Q*113/cdp4r04/VWy4hM7Cc-WWW8KWPNw8Fp_qhW7qxXbD4RGn6TN5DTzm33q3pBV1-WJV7Cg-NfN8cfZw79n5CyVY8tVH3v2NGFW4KPMSH8Sl8K4W3rh-Sd10lJ43N8G817SXSDZGW5L2BRS8YvNnFW6gqjVP9dRtFQW8pGqd19cjCXGN5HVcTy6NQRpW7CkyCX4xxNkvW9j0qvw6PHjBsW3rS-NQ4RhGjgW59LLxl4gR5SxW8NVwDw4Q4Gd8W7CKn3Q93HlCNN315L-lg48SLW4g0hjV5RmlZLW8012nD1XkPN8W3TY1PJ6xl13fW8HGyQm5MWqVMW199nkb761ftvW2ZCrgx2CB34HV766Nb3513fJW7yMP7W8H3s74W80SxRj9j2vwYW5VYMRs5ChDH4N1W4sxtscrjDW7tk4Ck2-fK2lW6ZhwMV1m5qBcW4jKt7v7-7yT73hPh1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
access-control-allow-origin: https://spotify.design
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
content-type: text/html
date: Fri, 28 Oct 2022 15:37:17 GMT
etag: "hoJjAQ"
expires: Fri, 01 Jan 1990 00:00:00 GMT
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
strict-transport-security: max-age=31536000; includeSubDomains
x-cloud-trace-context: c826e2acc96fb8c7a97c9104fb618e1d
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: false
cf-cache-status: MISS
cf-ray: 7614c07a2fe50bbc-AMS
date: Fri, 28 Oct 2022 15:37:17 GMT
link: <https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email>; rel="canonical"
location: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-hs-https-only: worker
x-hubspot-correlation-id: 63780ceb-7dbd-477a-b359-6e462353c252
x-robots-tag: none

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 129 KB
50 KB 134ms
50ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKJFZ4G

Requested by

Host: spotify.design
URL: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1fe1bade116972d1bed66fce030b95b9526c8e3c85ead56edfb92a8436f62f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51151
x-xss-protection: 0
last-modified: Fri, 28 Oct 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Oct 2022 15:37:17 GMT

GET
H2 200 webpack-runtime-562a3285ea38844b6caa.js Show response
spotify.design/ 5 KB
2 KB 77ms
72ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/webpack-runtime-562a3285ea38844b6caa.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

dc3773164d8fdac551ab6e8a70bfee5e9385a94aa05e0153268b016d58935f6b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: fcaa1341b9394856a9e000e855c8823e
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 framework-29f1b313a32e457f126d.js Show response
spotify.design/ 126 KB
47 KB 87ms
82ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/framework-29f1b313a32e457f126d.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

dd36cadd2847108bba1ff47933cc31442da957f98794156810de18e92083e31e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 6f95db34c061337de194d35084294fc0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 app-fb994cb4a8f55c2339f3.js Show response
spotify.design/ 212 KB
80 KB 81ms
76ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/app-fb994cb4a8f55c2339f3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

fbfa6fe07a55294eb6ce90f4d673b006ef42439a07ac38f377d4783aab73fc1b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: fcaa1341b9394856a9e000e855c8823e
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 styles-e9d24b1846c7d6eb9685.js Show response
spotify.design/ 61 B
190 B 63ms
58ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/styles-e9d24b1846c7d6eb9685.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

68d5bef571c6a9e14d8a182bc2ed9cbe64d353a86dcba0387440760cbeed8f53

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 2d7e2237cc77a79d10277e9b07a0a086
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 commons-079fd8a0e4e2b9f945d3.js Show response
spotify.design/ 25 KB
8 KB 77ms
72ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/commons-079fd8a0e4e2b9f945d3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

667d9859304d6363e1a07cd061358f2be038d077f0ad4fba2e3e113ab3297430

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 6f95db34c061337de194d35084294fc0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4b1cac69a36f77cdc36a755221e713fa0e981a1f-920fec0138e95c56e366.js Show response
spotify.design/ 27 KB
11 KB 64ms
60ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/4b1cac69a36f77cdc36a755221e713fa0e981a1f-920fec0138e95c56e366.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

c2895afc5eda9b7b17c492e2c50cb4102f224b792b33d23c310fbd664e1c6a78

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 631dd0213348276beb4a01718dfb635658e0038b-d2628198a4ef86331e6f.js Show response
spotify.design/ 35 KB
12 KB 103ms
99ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/631dd0213348276beb4a01718dfb635658e0038b-d2628198a4ef86331e6f.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

3148b446208b70913cd7a7a17687bb41b36aab8c5686291f4ae14c9ebd2ab458

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 2743198bb71fea0f16b944807a6355f4
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-pages-articles-article-long-form-tsx-d2fba3096181f28c2db0.js Show response
spotify.design/ 10 KB
4 KB 84ms
80ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-articles-article-long-form-tsx-d2fba3096181f28c2db0.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e59780e4246c0918b42f104a9373facf41afb5e694222adcc4d3e31ef993e2d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 6f95db34c061337de194d35084294fc0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/article/backstage-tickets-to-the-world-of-service-design-at-spotify/ 90 KB
14 KB 70ms
66ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/backstage-tickets-to-the-world-of-service-design-at-spotify/page-data.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

38482851c7c9a229cdb41222ea5129241b75a6fec9d6be71c1210fd8f89e543c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1187690368.json
spotify.design/page-data/sq/d/ 11 KB
2 KB 85ms
81ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/sq/d/1187690368.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4de9be81b0658742b5408696d30882950dee00bd1a66c63b0d6eacdc00f78035

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 6f95db34c061337de194d35084294fc0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2238183853.json
spotify.design/page-data/sq/d/ 342 B
316 B 158ms
155ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/sq/d/2238183853.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

27b802c5ce4ff03a576ab4d83a834448b2a7b8c2a82557c0353f2530b25c613b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3580036773.json
spotify.design/page-data/sq/d/ 578 KB
64 KB 159ms
156ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/sq/d/3580036773.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

f63d80cf2d03ecb96401261a4e7c83d48fce19e5478bc3a843275cae664ba525

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: ce3a04986b98bff53ffa6666692d21ec
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 app-data.json
spotify.design/page-data/ 50 B
155 B 157ms
154ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/app-data.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

b9a1e0336031deb3bbea8e3dfe8fccc81aa5532f541a9e607aca4abb68f8229d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CircularSpotifyTxT-Book.woff2
spotify.design/fonts/ 63 KB
63 KB 164ms
164ms Font
font/woff2 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/fonts/CircularSpotifyTxT-Book.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: fcaa1341b9394856a9e000e855c8823e
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CircularSpotifyTxT-Bold.woff2
spotify.design/fonts/ 68 KB
68 KB 133ms
132ms Font
font/woff2 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/fonts/CircularSpotifyTxT-Bold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CircularSpotifyTxT-Medium.woff2
spotify.design/fonts/ 65 KB
65 KB 134ms
134ms Font
font/woff2 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/fonts/CircularSpotifyTxT-Medium.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 2743198bb71fea0f16b944807a6355f4
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CircularSpotifyTxT-BookItalic.woff2
spotify.design/fonts/ 65 KB
65 KB 118ms
118ms Font
font/woff2 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/fonts/CircularSpotifyTxT-BookItalic.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

ea393486f21307f8441a06a46571a3a8c04444827f5bbec4eac4cc39292261fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:17 GMT
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 6f95db34c061337de194d35084294fc0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
8 KB 133ms
52ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKJFZ4G

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: e0VkrpV+7zqDAjQ/RMXPsw==
age: 2375
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7151
x-ms-lease-status: unlocked
last-modified: Thu, 27 Oct 2022 18:34:40 GMT
server: cloudflare
etag: 0x8DAB849E88F0321
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a1a9abaa-301e-0033-1c3c-ea81cb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c0808ef1bb67-FRA

GET
H/1.1 200
OK spotify-player.js Show response
sdk.scdn.co/ 22 KB
7 KB 153ms
44ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/spotify-player.js
Requested by: Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8dd8d26fd3602896e53d7e10b8d6436b1f0fef79454525b1cfa4293ceaae93ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 15:37:18 GMT
Content-Encoding: gzip
Age: 1221819
X-Cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
Connection: keep-alive
Content-Length: 6455
X-Served-By: cache-chi-kigq8000067-CHI, cache-hhn11527-HHN
Last-Modified: Fri, 14 Oct 2022 12:13:27 GMT
ETag: "120c4e15203b98d7e27af0b3e3c0f686"
x-goog-generation: 1665749606994349
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-goog-stored-content-length: 6455
Accept-Ranges: bytes
X-Cache-Hits: 4, 3

GET
H2 200 23-664fa462a57c2b57a530.js Show response
spotify.design/ 3 KB
1 KB 63ms
61ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/23-664fa462a57c2b57a530.js

Requested by

Host: spotify.design
URL: https://spotify.design/webpack-runtime-562a3285ea38844b6caa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

ad8191b5bcad004f9a2225a3a796afb6a28d9e66aa63cfda8283a8386c8173b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 22-439227499fdc2cbfec17.js Show response
spotify.design/ 8 KB
3 KB 63ms
61ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/22-439227499fdc2cbfec17.js

Requested by

Host: spotify.design
URL: https://spotify.design/webpack-runtime-562a3285ea38844b6caa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

2fadbba039f859db355efc06294158f83db0b605d83f8e503b2f390a81dc3e05

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 21-f12d7e8dbc31a75c9e26.js Show response
spotify.design/ 4 KB
2 KB 64ms
62ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/21-f12d7e8dbc31a75c9e26.js

Requested by

Host: spotify.design
URL: https://spotify.design/webpack-runtime-562a3285ea38844b6caa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

56eef5eb5631927cc189752237b6a6077e12f6b611eb16318d7939972d946d7f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Backstage_Tickets_-_Header_2x.png
images.ctfassets.net/c1zhnszcah7h/1VqfjLicKoYHNifWAWaGcg/8407fab386622dc82f84f2db6101ed2e/ 50 KB
50 KB 155ms
52ms Image
image/webp 2600:9000:225e:a200:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/c1zhnszcah7h/1VqfjLicKoYHNifWAWaGcg/8407fab386622dc82f84f2db6101ed2e/Backstage_Tickets_-_Header_2x.png?w=1000&h=597&q=96&fm=webp
Requested by: Host: spotify.design
URL: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:a200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 32d8921f22ab8d81614e979a04445e6695d877343cc11b5b755d773ed5a01986

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Wed, 26 Oct 2022 16:20:09 GMT
server: Contentful Images API
x-amz-cf-pop: FRA60-P4
age: 70511
etag: "749bb77a73862568bd95aafe441495bb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 50988
x-amz-cf-id: 27JezrZBZdgHVaqjdvIMOnE1zWZVWC2fCylLeZwi_qiC30VrKHtwmQ==

GET
H2 200 GraceKwonHeadShot.JPG
images.ctfassets.net/c1zhnszcah7h/2aXLaztaZXQ8Slqg34pe8/e9e35593da4e8f832c5a385406fd3c27/ 6 KB
7 KB 198ms
95ms Image
image/webp 2600:9000:225e:a200:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/c1zhnszcah7h/2aXLaztaZXQ8Slqg34pe8/e9e35593da4e8f832c5a385406fd3c27/GraceKwonHeadShot.JPG?w=240&h=239&q=96&fm=webp
Requested by: Host: spotify.design
URL: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:a200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 0e2478e89e0d9c07dfc5e9abc37e94761a5423493e7ed6e5e7a1f67995306dc1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Wed, 26 Oct 2022 16:31:04 GMT
server: Contentful Images API
x-amz-cf-pop: FRA60-P4
age: 35356
etag: "1e71f13e04dbe81b91d2ee9003e1d5f3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 6354
x-amz-cf-id: 6E-fWJd61jjnVbI9oiSAv3JQ5WwN1m4b9izO5cNJ8-vhCAyjJavJUQ==

GET
H2 200 Righetto_Marco_Headshot.jpg
images.ctfassets.net/c1zhnszcah7h/5qNdttdSmzf0meuTB6CP6w/6a55032f7c4f4d2714e9aaa856ed72b4/ 9 KB
9 KB 194ms
91ms Image
image/webp 2600:9000:225e:a200:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/c1zhnszcah7h/5qNdttdSmzf0meuTB6CP6w/6a55032f7c4f4d2714e9aaa856ed72b4/Righetto_Marco_Headshot.jpg?w=240&h=240&q=96&fm=webp
Requested by: Host: spotify.design
URL: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:a200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: bd1dd7cfc5a5ff4e939bebf07c9409fb08e41da3175ea676dbcb9d9f64d21d18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Wed, 26 Oct 2022 16:31:55 GMT
server: Contentful Images API
x-amz-cf-pop: FRA60-P4
age: 35349
etag: "c51d6233eea54d18dfc69c116d055bdf"
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 8922
x-amz-cf-id: rBXd95RR-1MBsaXQ4Ock-6o7r9nPeCOQktrX5dwwnHi5ZqvcLEDIbA==

GET
H2 200 Rebecca_Stonebraker_headshot.jpg
images.ctfassets.net/c1zhnszcah7h/6AbyNjUXdAx4J0lZ30ZzRG/002fecb5df378710bc9405c64d17ef82/ 16 KB
17 KB 205ms
103ms Image
image/webp 2600:9000:225e:a200:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/c1zhnszcah7h/6AbyNjUXdAx4J0lZ30ZzRG/002fecb5df378710bc9405c64d17ef82/Rebecca_Stonebraker_headshot.jpg?w=240&h=240&q=96&fm=webp
Requested by: Host: spotify.design
URL: https://spotify.design/article/backstage-tickets-to-the-world-of-service-design-at-spotify?utm_campaign=Newsletters%20-%202020&utm_medium=email&_hsmi=231531564&_hsenc=p2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog&utm_content=231531564&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:a200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 81ca50f5e95fc4d4957d73edb72bca422928ed071a39bc3c7f6e66c0586c839f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Wed, 26 Oct 2022 16:29:52 GMT
server: Contentful Images API
x-amz-cf-pop: FRA60-P4
age: 35349
etag: "de2850009b1d1295d1230382690820ae"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 16874
x-amz-cf-id: t2lSeoVybcyqFJ1rF65rF57neMb3Yv4vBXuRVAhHLBr7ydvXrJC2XA==

GET
H2 200 page-data.json
spotify.design/page-data/team/ 0
7 KB 63ms
61ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/team/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/tools/ 0
4 KB 65ms
63ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/tools/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/stories/ 0
77 KB 65ms
64ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/stories/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/article/scaling-design-ops/ 0
15 KB 76ms
75ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/scaling-design-ops/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/stories/listen/ 0
12 KB 67ms
66ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/stories/listen/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: e759b1d84f3d55640f6d83d406a6c812
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/article/grace-kwon-senior-service-designer/ 0
8 KB 69ms
68ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/grace-kwon-senior-service-designer/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/index/ 0
24 KB 63ms
63ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/index/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json
spotify.design/page-data/article/jc-chhim-senior-product-designer/ 0
8 KB 70ms
70ms Other
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/jc-chhim-senior-product-designer/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://spotify.design
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 db6fc0f2-3a62-4b76-b62a-4e72db863cad.json Show response
cdn.cookielaw.org/consent/db6fc0f2-3a62-4b76-b62a-4e72db863cad/ 5 KB
2 KB 131ms
47ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db6fc0f2-3a62-4b76-b62a-4e72db863cad/db6fc0f2-3a62-4b76-b62a-4e72db863cad.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

362565e44e7d52800381c7a502834830e6ecbe6742214f87e32e8c2c79f856d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: NYYM0xdq5Lzvk6tszjVFPQ==
age: 11932
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1872
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 14:37:57 GMT
server: cloudflare
etag: 0x8D972D640237BB5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9ae5d1b6-401e-00d9-12c7-2c7eca000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c0816d4e9b83-FRA
expires: Fri, 28 Oct 2022 19:37:18 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/team/ 51 KB
7 KB 73ms
61ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/team/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

bdbe281e793c9504037d7fc0a84da7a3bb55cacd0c366aa54a4c832777ee421d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/tools/ 37 KB
4 KB 81ms
69ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/tools/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

31cfb92be587f8f1465be4b3a6d1206750310b90f6692e6f6e1aa7474c3c1df8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 5256c33a3eb56715554f5815a2e44b09
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/stories/listen/ 103 KB
12 KB 69ms
69ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/stories/listen/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4bd07dd1a730c98652606bbf06d96a04c881086549c98f81704d6c137195d014

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/article/grace-kwon-senior-service-designer/ 43 KB
8 KB 72ms
64ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/grace-kwon-senior-service-designer/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

88a3c54f8e33fc7beef8ac5096a51f0133d4273efee16d106d38486ce997ea9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 33c60aa45db45f6822bf2a3f9d55f5f9;o=1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/article/jc-chhim-senior-product-designer/ 45 KB
8 KB 74ms
65ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/jc-chhim-senior-product-designer/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

f68fbaf87d549de8771d522fd15ead75129030ac35afc77d01fa11b7c1a0a14c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: fcaa1341b9394856a9e000e855c8823e
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/article/scaling-design-ops/ 74 KB
15 KB 77ms
69ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/article/scaling-design-ops/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

45182295a1414af7485522bff03d410cba4efb37a2a62d2419a48e557d7f0a34

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/index/ 201 KB
24 KB 78ms
70ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/index/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

8327af006cd7a29a5a471d351d121642d6269c22b978bcf2e075b068eb6fa352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 5256c33a3eb56715554f5815a2e44b09
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page-data.json Show response
spotify.design/page-data/stories/ 682 KB
77 KB 72ms
71ms XHR
application/json 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/page-data/stories/page-data.json

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

2a1ce18bc426fb132290d105c6b856026027f0319c65bf9fadb12c45b8f7eac9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 2743198bb71fea0f16b944807a6355f4
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.html Show response
sdk.scdn.co/embedded/ Frame 7BD6 569 B
925 B 43ms
42ms Document
text/html 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.html
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/spotify-player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 914249
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 345
Content-Type: text/html
Date: Fri, 28 Oct 2022 15:37:18 GMT
ETag: "a6730f3a37490ccd43c7d0edd582ad61"
Last-Modified: Fri, 14 Oct 2022 12:13:32 GMT
X-Cache: HIT, HIT
X-Cache-Hits: 1461, 3
X-Served-By: cache-chi-kigq8000115-CHI, cache-hhn11527-HHN
x-goog-generation: 1665749612555965
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 345

GET
H2 200 component---src-pages-team-tsx-a6af872c6e19adb70554.js
spotify.design/ 0
13 KB 111ms
110ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-team-tsx-a6af872c6e19adb70554.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 2743198bb71fea0f16b944807a6355f4
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 7BD6 49 KB
20 KB 401ms
39ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:01:58 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2120
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 28 Oct 2022 17:01:58 GMT

GET
H/1.1 200
OK index.js Show response
sdk.scdn.co/embedded/ Frame 7BD6 696 KB
169 KB 39ms
37ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.js
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9856781a9cfae7a222da2e948c2f9ebdf682287b1cbd238b2479606d674cebd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sdk.scdn.co/embedded/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Fri, 28 Oct 2022 15:37:18 GMT
Content-Encoding: gzip
Age: 919264
X-Cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
Connection: keep-alive
Content-Length: 172104
X-Served-By: cache-chi-kigq8000091-CHI, cache-hhn11527-HHN
Last-Modified: Fri, 14 Oct 2022 12:13:32 GMT
ETag: "489fa342cd78803d82fe0f981c841daf"
x-goog-generation: 1665749612828699
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
x-goog-stored-content-length: 172104
Accept-Ranges: bytes
X-Cache-Hits: 11454, 1

GET
H2 200 component---src-pages-tools-tsx-682cbff027073db93814.js
spotify.design/ 0
1 KB 105ms
104ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-tools-tsx-682cbff027073db93814.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: b6e60d6daf554202da7437540f1feaa0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-components-listen-tsx-ebbe1c9e57ab0288f4a7.js
spotify.design/ 0
775 B 104ms
103ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-components-listen-tsx-ebbe1c9e57ab0288f4a7.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: b6e60d6daf554202da7437540f1feaa0
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 42 B
262 B 443ms
91ms XHR
application/json 2606:4700:4400::ac40:929e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:929e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f535a51459b52869c655d036a26642811651265429aecc1ce589733146bbd757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7614c083ff469094-FRA
access-control-allow-headers: Content-Type
content-length: 42

GET
H2 200 component---src-pages-articles-article-spotlight-tsx-6b29c6491368ebce38aa.js
spotify.design/ 0
2 KB 98ms
98ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-articles-article-spotlight-tsx-6b29c6491368ebce38aa.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-pages-articles-article-long-form-tsx-d2fba3096181f28c2db0.js
spotify.design/ 0
4 KB 94ms
94ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-articles-article-long-form-tsx-d2fba3096181f28c2db0.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-pages-index-tsx-45b7d57417f049962d65.js
spotify.design/ 0
19 KB 87ms
87ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-index-tsx-45b7d57417f049962d65.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-pages-stories-tsx-6e863463c301fe99281b.js
spotify.design/ 0
962 B 76ms
76ms Other
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://spotify.design/component---src-pages-stories-tsx-6e863463c301fe99281b.js

Requested by

Host: spotify.design
URL: https://spotify.design/app-fb994cb4a8f55c2339f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com .scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' .contentful.com .scdn.co .ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' .spotify.com .scdn.co .contentful.com .ctfassets.net www.google-analytics.com cdn.cookielaw.org .onetrust.com; media-src 'self' .contentful.com .ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' .scdn.co .spotify.com .youtube.com .vimeo.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer
server: Google Frontend
etag: "hoJjAQ"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: https://spotify.design
x-cloud-trace-context: 574009d67f8a9fb471edb8a3268d8be1
cache-control: no-cache, must-revalidate
feature-policy: autoplay 'self' https://sdk.scdn.co; encrypted-media 'self' https://sdk.scdn.co; fullscreen 'self';
access-control-allow-headers: Access-Control-Allow-Origin, Content-Type, Access-Control-Allow-Methods, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, X-Content-Type-Options
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
apresolve.spotify.com/ Frame 7BD6 273 B
273 B 151ms
46ms Fetch
application/json 2600:1901:0:524d::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e291612711e081df634f08361cb9f3e0785c6f2d8da67e30839b0e27780aa883

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 49ms
49ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 13338
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 078992f7-401e-0051-5acf-11c613000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c0849807bb67-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/db6fc0f2-3a62-4b76-b62a-4e72db863cad/0bb1437e-7fc5-453d-8295-b19834bf67c0/ 106 KB
21 KB 56ms
55ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db6fc0f2-3a62-4b76-b62a-4e72db863cad/0bb1437e-7fc5-453d-8295-b19834bf67c0/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c71a7af15fbd22766e5c254708cdb5e9c8fa718ab59a849e02287fdd31d84dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ek3iKov1934Xh53KTyfkQg==
age: 11932
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 21352
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 14:38:03 GMT
server: cloudflare
etag: 0x8D972D643BDCB61
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 02934a78-401e-009d-53c7-2ca2a6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c0854ef99b83-FRA
expires: Fri, 28 Oct 2022 19:37:18 GMT

GET
H2 200 iab2Data.json Show response
cdn.cookielaw.org/vendorlist/ 360 KB
52 KB 74ms
73ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a69138d0d40754726a2300f4985df53d56503eb588d6e4391acfb415aa4714f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: T128EWh0IRhlkdFdWHoFUw==
age: 11932
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 52552
x-ms-lease-status: unlocked
last-modified: Fri, 28 Oct 2022 08:41:42 GMT
server: cloudflare
etag: 0x8DAB8C03D06AEE8
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b4100947-b01e-0000-22ac-ead8e6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c0854efe9b83-FRA

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 67 KB
15 KB 45ms
45ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otTCF.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f4ade5c0b8fdedeefdd3a199c26f0e8abd2d526fd30f84a4ced9931be959c16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: lu40VrYjAGw+l/zvqO+mkw==
age: 10022
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14840
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:59 GMT
server: cloudflare
etag: 0x8D96DBF6D9991DE
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 104d502e-001e-0091-7f6c-c44c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c08549b0bb67-FRA

GET
H2 400 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 7BD6 99 B
281 B 50ms
49ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

2930399e94032c46e37527b481565b4768465ec21431f9e8c8fbc54c132702e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://sdk.scdn.co/
accept-language: de-DE,de;q=0.9
authorization: Bearer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
date: Fri, 28 Oct 2022 15:37:18 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
content-length: 112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 164ms
51ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://sdk.scdn.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-origin: *
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 28 Oct 2022 15:37:18 GMT
server: envoy
strict-transport-security: max-age=31536000
via: HTTP/2 edgeproxy, 1.1 google
x-content-type-options: nosniff

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 13 KB
3 KB 48ms
47ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: r7t3xbAZ3QK/7lQuu5X7ww==
age: 11933
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF68EC8D5B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 7225e320-601e-0009-2cc3-06c268000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c08659aa9b83-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 62 KB
15 KB 50ms
50ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b63109325575d74839e7eb0f5ce7831eb488d70ff7549b77b20463351a3433

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: RtPHV1sR9C68lWN3mtdsMA==
age: 11933
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14838
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF689DC22A
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: b65b1a07-a01e-00be-3f2b-57cd6d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7614c08659ac9b83-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 67ms
67ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Oct 2022 15:37:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 11933
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: c444dd9b-901e-001c-72fe-0500f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 7614c08659af9b83-FRA

GET
H3 400 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 7BD6 99 B
136 B 49ms
49ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

2930399e94032c46e37527b481565b4768465ec21431f9e8c8fbc54c132702e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://sdk.scdn.co/
accept-language: de-DE,de;q=0.9
authorization: Bearer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
date: Fri, 28 Oct 2022 15:37:19 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
content-length: 112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H3 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 49ms
49ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://sdk.scdn.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-origin: *
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 28 Oct 2022 15:37:19 GMT
server: envoy
strict-transport-security: max-age=31536000
via: HTTP/2 edgeproxy, 1.1 google
x-content-type-options: nosniff

GET
H3 400 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame 7BD6 99 B
136 B 127ms
127ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

2930399e94032c46e37527b481565b4768465ec21431f9e8c8fbc54c132702e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://sdk.scdn.co/
accept-language: de-DE,de;q=0.9
authorization: Bearer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
date: Fri, 28 Oct 2022 15:37:20 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
content-length: 112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H3 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 52ms
51ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://sdk.scdn.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-origin: *
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 28 Oct 2022 15:37:21 GMT
server: envoy
strict-transport-security: max-age=31536000
via: HTTP/2 edgeproxy, 1.1 google
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.creative.artisantalent.com/	1970-01-20 07:02:53	Name: __cf_bm Value: gKitfBXFaQlfPhG2EikUrJ1qwmhL3U.nXC8Tav7rLmA-1666971437-0-ARVNwJHgtKCI1Bv3o11RIJZsPaj45I/WaOdGF3cILPKKtkw/PBBHFB9Ocv2KplndUqoBCSxI084yNdJ9kmzS+Dk=
.creative.artisantalent.com/	1969-12-31 23:59:59	Name: __cfruid Value: 499d46bb24b03a74e1747ed41448477e4f09b4a0-1666971437
.spotify.design/	1970-01-20 15:48:27	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Fri+Oct+28+2022+15%3A37%3A19+GMT%2B0000+(GMT)&version=6.23.0&hosts=&consentId=ec7f231b-0bee-423e-8294-90d720a15523&interactionCount=0&landingPath=https%3A%2F%2Fspotify.design%2Farticle%2Fbackstage-tickets-to-the-world-of-service-design-at-spotify%3Futm_campaign%3DNewsletters%2520-%25202020%26utm_medium%3Demail%26_hsmi%3D231531564%26_hsenc%3Dp2ANqtz--HaGHwCI3g6rjlN-L93eTU-m1OanJd2sdGMOwEA8D7uAnvxsKUG_rcvZYn62FyLMLg7iOmb8S53SoKJGnDWv98vU4nog%26utm_content%3D231531564%26utm_source%3Dhs_email&groups=s00%3A1%2Cf00%3A0%2Cm00%3A0%2Ct00%3A0%2Ci00%3A0%2CSTACK3%3A0%2CSTACK11%3A0%2CSTACK20%3A0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://sdk.scdn.co/embedded/index.js(Line 2) Message: It is recommended that a robustness level be specified. Not specifying the robustness level could result in unexpected behavior.
network	error	URL: https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.spotify.com
apresolve.spotify.com
cdn.cookielaw.org
creative.artisantalent.com
geolocation.onetrust.com
images.ctfassets.net
sdk.scdn.co
spotify.design
www.google-analytics.com
www.googletagmanager.com
2001:4860:4802:32::15
2600:1901:0:524d::
2600:1901:1:c36::
2600:9000:225e:a200:12:94b3:c380:93a1
2606:2c40::c73c:67e4
2606:4700:4400::ac40:929e
2606:4700::6810:9440
2a00:1450:4001:806::2008
2a00:1450:4001:80f::200e
2a04:4e42:62::760
0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5
0e2478e89e0d9c07dfc5e9abc37e94761a5423493e7ed6e5e7a1f67995306dc1
16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28
1fe1bade116972d1bed66fce030b95b9526c8e3c85ead56edfb92a8436f62f07
1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0
27b802c5ce4ff03a576ab4d83a834448b2a7b8c2a82557c0353f2530b25c613b
2930399e94032c46e37527b481565b4768465ec21431f9e8c8fbc54c132702e3
2a1ce18bc426fb132290d105c6b856026027f0319c65bf9fadb12c45b8f7eac9
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
2fadbba039f859db355efc06294158f83db0b605d83f8e503b2f390a81dc3e05
3148b446208b70913cd7a7a17687bb41b36aab8c5686291f4ae14c9ebd2ab458
31cfb92be587f8f1465be4b3a6d1206750310b90f6692e6f6e1aa7474c3c1df8
32d8921f22ab8d81614e979a04445e6695d877343cc11b5b755d773ed5a01986
362565e44e7d52800381c7a502834830e6ecbe6742214f87e32e8c2c79f856d2
38482851c7c9a229cdb41222ea5129241b75a6fec9d6be71c1210fd8f89e543c
45182295a1414af7485522bff03d410cba4efb37a2a62d2419a48e557d7f0a34
4bd07dd1a730c98652606bbf06d96a04c881086549c98f81704d6c137195d014
4de9be81b0658742b5408696d30882950dee00bd1a66c63b0d6eacdc00f78035
4e3178d4c0da5ab0364b00e9deb2465535b9b667ee20386523e5f1836e653037
54b63109325575d74839e7eb0f5ce7831eb488d70ff7549b77b20463351a3433
56eef5eb5631927cc189752237b6a6077e12f6b611eb16318d7939972d946d7f
5c71a7af15fbd22766e5c254708cdb5e9c8fa718ab59a849e02287fdd31d84dc
667d9859304d6363e1a07cd061358f2be038d077f0ad4fba2e3e113ab3297430
68d5bef571c6a9e14d8a182bc2ed9cbe64d353a86dcba0387440760cbeed8f53
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
81ca50f5e95fc4d4957d73edb72bca422928ed071a39bc3c7f6e66c0586c839f
8327af006cd7a29a5a471d351d121642d6269c22b978bcf2e075b068eb6fa352
88a3c54f8e33fc7beef8ac5096a51f0133d4273efee16d106d38486ce997ea9a
8dd8d26fd3602896e53d7e10b8d6436b1f0fef79454525b1cfa4293ceaae93ae
8f4ade5c0b8fdedeefdd3a199c26f0e8abd2d526fd30f84a4ced9931be959c16
9856781a9cfae7a222da2e948c2f9ebdf682287b1cbd238b2479606d674cebd9
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
a69138d0d40754726a2300f4985df53d56503eb588d6e4391acfb415aa4714f3
a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d
ad8191b5bcad004f9a2225a3a796afb6a28d9e66aa63cfda8283a8386c8173b3
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b9a1e0336031deb3bbea8e3dfe8fccc81aa5532f541a9e607aca4abb68f8229d
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
bd1dd7cfc5a5ff4e939bebf07c9409fb08e41da3175ea676dbcb9d9f64d21d18
bdbe281e793c9504037d7fc0a84da7a3bb55cacd0c366aa54a4c832777ee421d
c2895afc5eda9b7b17c492e2c50cb4102f224b792b33d23c310fbd664e1c6a78
dc3773164d8fdac551ab6e8a70bfee5e9385a94aa05e0153268b016d58935f6b
dd36cadd2847108bba1ff47933cc31442da957f98794156810de18e92083e31e
e291612711e081df634f08361cb9f3e0785c6f2d8da67e30839b0e27780aa883
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59780e4246c0918b42f104a9373facf41afb5e694222adcc4d3e31ef993e2d6
ea393486f21307f8441a06a46571a3a8c04444827f5bbec4eac4cc39292261fb
f535a51459b52869c655d036a26642811651265429aecc1ce589733146bbd757
f63d80cf2d03ecb96401261a4e7c83d48fce19e5478bc3a843275cae664ba525
f68fbaf87d549de8771d522fd15ead75129030ac35afc77d01fa11b7c1a0a14c
fbfa6fe07a55294eb6ce90f4d673b006ef42439a07ac38f377d4783aab73fc1b

spotify.design Open in urlscan Pro 2001:4860:4802:32::15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

100 %IPv6

9 Domains

10 Subdomains

10 IPs

2 Countries

1444 kBTransfer

4813 kBSize

3 Cookies

20 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

spotify.design Open in urlscan Pro
2001:4860:4802:32::15 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

100 %
IPv6

9
Domains

10
Subdomains

10
IPs

2
Countries

1444 kB
Transfer

4813 kB
Size

3
Cookies

71 HTTP transactions
0 data transactions