Submitted URL: https://plan1.mdzn.digital/
Effective URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Submission: On November 18 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 13.32.99.120, located in United States and belongs to AMAZON-02, US. The main domain is buy.stripe.com. The Cisco Umbrella rank of the primary domain is 239749.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 30th 2024. Valid for: 3 months.
This is the only time buy.stripe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.33.251.168 16509 (AMAZON-02)
1 13.32.99.120 16509 (AMAZON-02)
16 143.204.215.90 16509 (AMAZON-02)
3 176.34.78.115 16509 (AMAZON-02)
1 18.202.131.124 16509 (AMAZON-02)
1 54.187.119.242 16509 (AMAZON-02)
22 5
Apex Domain
Subdomains
Transfer
22 stripe.com
buy.stripe.com — Cisco Umbrella Rank: 239749
js.stripe.com — Cisco Umbrella Rank: 1073
merchant-ui-api.stripe.com — Cisco Umbrella Rank: 6254
checkout-cookies.stripe.com — Cisco Umbrella Rank: 84571
r.stripe.com — Cisco Umbrella Rank: 2424
1 MB
1 mdzn.digital
plan1.mdzn.digital
330 B
22 2
Domain Requested by
16 js.stripe.com buy.stripe.com
js.stripe.com
3 merchant-ui-api.stripe.com buy.stripe.com
1 r.stripe.com buy.stripe.com
1 checkout-cookies.stripe.com buy.stripe.com
1 buy.stripe.com
1 plan1.mdzn.digital 1 redirects
22 6

This site contains no links.

Subject Issuer Validity Valid
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-10-30 -
2025-02-06
3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2024-11-11 -
2025-02-27
4 months crt.sh

This page contains 4 frames:

Primary Page: https://buy.stripe.com/00g5n0ddHg1ngUg005
Frame ID: ECCEDA37663A96A47FD3BB44639F3D97
Requests: 19 HTTP requests in this frame

Frame: https://js.stripe.com/v3/link-login-inner-e018542e5669858aee1009bf2028213a.html
Frame ID: 8F39BBECE0B7A83B14F90BC6CB49CF0A
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/checkout-inner-origin-frame-9057a55a6a8ada41681908044861c7c9.html
Frame ID: 46F2FE9A93E82436E2F9902DAAF560EA
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: C436736ECF217665061A508BBD06D659
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Stripe Checkout

Page URL History Show full URLs

  1. https://plan1.mdzn.digital/ HTTP 301
    https://buy.stripe.com/00g5n0ddHg1ngUg005 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

6
Subdomains

5
IPs

2
Countries

1210 kB
Transfer

4888 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://plan1.mdzn.digital/ HTTP 301
    https://buy.stripe.com/00g5n0ddHg1ngUg005 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 00g5n0ddHg1ngUg005
buy.stripe.com/
Redirect Chain
  • https://plan1.mdzn.digital/
  • https://buy.stripe.com/00g5n0ddHg1ngUg005
348 KB
91 KB
Document
General
Full URL
https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-120.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
80cb3b4fc47332cad24932391611e8de96be73368350e8b913c975ac70f6553a
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com 'sha256-BNulBYV1JXGvq9NQg7814ZyyVZCqfRI1aq5d+PSIdgI=' 'sha256-Nus40+nvvmtoWUjpw+sjNvq+3KPCIzOo2lqP2uBn+/s=' 'sha256-Rs7zoycEGz8Aoh9NxrpDQaZ9oV27ZjlGKVOcL1V1ntA='; style-src 'self' https://js.stripe.com 'sha256-0wCsuxti3m6dSdXFrCFETD2dpAVJPkB2rNReo7a96ME='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
117
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com 'sha256-BNulBYV1JXGvq9NQg7814ZyyVZCqfRI1aq5d+PSIdgI=' 'sha256-Nus40+nvvmtoWUjpw+sjNvq+3KPCIzOo2lqP2uBn+/s=' 'sha256-Rs7zoycEGz8Aoh9NxrpDQaZ9oV27ZjlGKVOcL1V1ntA='; style-src 'self' https://js.stripe.com 'sha256-0wCsuxti3m6dSdXFrCFETD2dpAVJPkB2rNReo7a96ME='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 11:34:42 GMT
etag
W/"b321c7aadb7fef6bbce2473af6b0e28b"
last-modified
Fri, 15 Nov 2024 21:52:39 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
x-amz-cf-id
w6B5jn3RzWBUGhkfl4K6NXkK7eN-DP77_qaWxQgzLLfJwIaIa973FA==
x-amz-cf-pop
FRA60-P3
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff

Redirect headers

Connection
close
Content-Length
76
Content-Type
text/html; charset=utf-8
Date
Mon, 18 Nov 2024 11:36:37 GMT
Location
https://buy.stripe.com/00g5n0ddHg1ngUg005
Server
ip-100-74-4-161.eu-west-2.compute.internal
Vary
Accept-Encoding
X-Request-Id
e5d89055-c8c7-46fb-9685-18e43f936d59
checkout-app-init-67f622b0daa741f8f4c2fe56b128d4c2.js
js.stripe.com/v3/fingerprinted/js/
2 MB
480 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/checkout-app-init-67f622b0daa741f8f4c2fe56b128d4c2.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
36cad05a81d0cf933a9273e428ba10456f6f27cc2378e0779a20b1455aa64997
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"e133c36cc0a10c6e05fef4c790869968"
age
72
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
fSAneKnlet-TJkcBk4iArGvkjnAu40gi5bhGU3vLGEAkGqrUrUhj3g==
date
Mon, 18 Nov 2024 11:36:10 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 15 Nov 2024 21:14:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
checkout-app-init-a3ed69a6c55e0bf292f87a7cd30b93ab.css
js.stripe.com/v3/fingerprinted/css/
370 KB
53 KB
Stylesheet
General
Full URL
https://js.stripe.com/v3/fingerprinted/css/checkout-app-init-a3ed69a6c55e0bf292f87a7cd30b93ab.css
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
30bdbb6092e5cb5b17315456520a5c5dd0de42ff7adbcd9dbadeeb4188ea8844
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"9f4ba8a1b4d396649d39c79d2c6a5683"
age
782
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
52oUXO2jl9PY2-eUddbgseChSNXxwhOlNpZ8907M_C2Vy0TF8_Ti1g==
date
Mon, 18 Nov 2024 11:23:45 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 15 Nov 2024 18:05:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
vendor-d96e0955dd53dca0185000b892692714.js
js.stripe.com/v3/fingerprinted/js/
644 KB
191 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/vendor-d96e0955dd53dca0185000b892692714.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
247bd439517c6c74d52c80e8c9ff51c27785a7a98c216c085b0dac084fda20f6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"caa0c3e54d70fff7c012f244e2026b9c"
age
459
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
wCMqkOjEEow-CKfb3qCskMJTs7aLLIaDLjbgqfdPItxr7V5BhYk3PQ==
date
Mon, 18 Nov 2024 11:30:35 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 13 Nov 2024 22:04:02 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
stripe-37c79a72efc0e2990df78396d3f39462.js
js.stripe.com/v3/fingerprinted/js/
689 KB
180 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/stripe-37c79a72efc0e2990df78396d3f39462.js?stripeCheckoutInitialized=true
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
1a46b36ec6301f7bda40b07d288c844903e321bf24a9805145e8f0495d3a3f69
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"0402471902b989a3d0ea87b6a6ed787f"
age
2852
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
x61UcGCyWawAmDGtcnAz4JzB6SkANQH6V4yGqWM5EyaC5d6LaXEzgg==
date
Mon, 18 Nov 2024 10:50:09 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 15 Nov 2024 21:14:24 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
00g5n0ddHg1ngUg005
merchant-ui-api.stripe.com/payment-links/
76 B
875 B
Fetch
General
Full URL
https://merchant-ui-api.stripe.com/payment-links/00g5n0ddHg1ngUg005
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
176.34.78.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-176-34-78-115.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
22b3900622cc77fbdd9ba5719fbe2da4074867e0b9407e1242a1e504e6ac6599
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

x-robots-tag
none
access-control-max-age
300
x-wc
AB
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
access-control-allow-methods
GET, POST
request-id
req_2daOqo4IUOG0GT
expires
0
x-content-type-options
nosniff
date
Mon, 18 Nov 2024 11:36:39 GMT
content-type
application/json; charset=UTF-8
vary
Origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
reporting-endpoints
coop="https://q.stripe.com/coop-report"
content-security-policy
base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
cache-control
max-age=0, no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
same-site
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
content-length
76
server
nginx
00g5n0ddHg1ngUg005
merchant-ui-api.stripe.com/payment-links/
249 B
1 KB
Fetch
General
Full URL
https://merchant-ui-api.stripe.com/payment-links/00g5n0ddHg1ngUg005
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
176.34.78.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-176-34-78-115.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
61c30dcf2bb45d287976d65e87e9e2a2b7f2d649978bec3980d60824c0e29a01
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

x-robots-tag
none
access-control-max-age
300
x-wc
AB
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
access-control-allow-methods
GET, POST
request-id
req_IGIPadH6tnJyWX
expires
0
x-content-type-options
nosniff
date
Mon, 18 Nov 2024 11:36:39 GMT
content-type
application/json; charset=UTF-8
vary
Origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
reporting-endpoints
coop="https://q.stripe.com/coop-report"
content-security-policy
base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
cache-control
max-age=0, no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
same-site
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
content-length
249
server
nginx
get-cookie
merchant-ui-api.stripe.com/link/
35 B
879 B
Fetch
General
Full URL
https://merchant-ui-api.stripe.com/link/get-cookie
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
176.34.78.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-176-34-78-115.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8d0c04f065692bfeb27d08b1aa3c98a734abdfdabd44cc5f5757e20ac6ff7ff3
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

x-robots-tag
none
access-control-max-age
300
x-wc
AB
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
access-control-allow-methods
GET, POST
request-id
req_hj5nXC8jzdYKYL
expires
0
x-content-type-options
nosniff
date
Mon, 18 Nov 2024 11:36:39 GMT
content-type
application/json; charset=UTF-8
vary
Origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
reporting-endpoints
coop="https://q.stripe.com/coop-report"
content-security-policy
base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; upgrade-insecure-requests; report-uri /csp-violation
cache-control
max-age=0, no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
same-site
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://buy.stripe.com
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
content-length
35
server
nginx
get-cookie
checkout-cookies.stripe.com/api/
35 B
854 B
Fetch
General
Full URL
https://checkout-cookies.stripe.com/api/get-cookie
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.202.131.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-131-124.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8d0c04f065692bfeb27d08b1aa3c98a734abdfdabd44cc5f5757e20ac6ff7ff3
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'none'; script-src 'none' 'report-sample'; style-src 'none'; upgrade-insecure-requests; report-uri /csp-violation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

x-robots-tag
none
access-control-max-age
300
x-wc
AB
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
access-control-allow-methods
GET, POST
x-content-type-options
nosniff
expires
0
date
Mon, 18 Nov 2024 11:36:39 GMT
content-type
application/json; charset=UTF-8
vary
Origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
reporting-endpoints
coop="https://q.stripe.com/coop-report"
content-security-policy
base-uri 'none'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'none'; script-src 'none' 'report-sample'; style-src 'none'; upgrade-insecure-requests; report-uri /csp-violation
cache-control
max-age=0, no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
same-site
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://buy.stripe.com
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
content-length
35
server
nginx
.deploy_status_henson.json
js.stripe.com/v3/
474 B
943 B
Fetch
General
Full URL
https://js.stripe.com/v3/.deploy_status_henson.json
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
9a2aab98b1f5355cac61b637a10d7c154d7dc417b15fcb877ea260b6331a8102
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

etag
"7637cd268ae5c7c7d07777bcc2795139"
age
31
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
F-i_jnsVSQj6y--yRwFo-qPzGYGx7lTYVtMCpuQ3vmudyU-ADa4UQA==
date
Mon, 18 Nov 2024 11:36:39 GMT
content-type
application/json
last-modified
Fri, 15 Nov 2024 21:52:41 GMT
vary
accept-encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
474
x-amz-cf-pop
FRA53-C1
server
Cloudfront
link-login-inner-e018542e5669858aee1009bf2028213a.html
js.stripe.com/v3/ Frame 8F39
0
0
Document
General
Full URL
https://js.stripe.com/v3/link-login-inner-e018542e5669858aee1009bf2028213a.html
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' 'sha256-PEyE9oLMt1x4g8IsfVcuMBFIbLjX1ZvTPGmxrtihSak='; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
77
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
gzip
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' 'sha256-PEyE9oLMt1x4g8IsfVcuMBFIbLjX1ZvTPGmxrtihSak='; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 11:35:56 GMT
etag
W/"43aa50925558a34ae1bac3bcfe8f29d5"
last-modified
Fri, 15 Nov 2024 21:14:25 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-id
_i7-oy3ssMfbAkpB5JrQ6D4snFHnl7zotVaW66doNnbg0UjPGMVMNg==
x-amz-cf-pop
FRA53-C1
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
checkout-inner-origin-frame-9057a55a6a8ada41681908044861c7c9.html
js.stripe.com/v3/ Frame 46F2
0
0
Document
General
Full URL
https://js.stripe.com/v3/checkout-inner-origin-frame-9057a55a6a8ada41681908044861c7c9.html
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://api.stripe.com https://r.stripe.com https://js.stripe.com; default-src 'none'; font-src 'none'; form-action 'none'; img-src 'none'; object-src 'none'; script-src 'self' 'sha256-GI/6qbQadwTYzpPiGKGR77ieM0Ghh2jYL5DNcnLfW00='; style-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
1394
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-encoding
br
content-security-policy
base-uri 'none'; connect-src https://api.stripe.com https://r.stripe.com https://js.stripe.com; default-src 'none'; font-src 'none'; form-action 'none'; img-src 'none'; object-src 'none'; script-src 'self' 'sha256-GI/6qbQadwTYzpPiGKGR77ieM0Ghh2jYL5DNcnLfW00='; style-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 11:13:36 GMT
etag
W/"fda3d45a8c9206183d4f01cab530c0c7"
last-modified
Fri, 15 Nov 2024 21:14:10 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-id
Qi75cQVS2noN9mFVVwt_WCt6q-rZt-pJq2fp97DspJGDThZncA2j7Q==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
6284-4946e11c3b01c48a8aa6fdedc51610af.js
js.stripe.com/v3/fingerprinted/js/
48 KB
14 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/6284-4946e11c3b01c48a8aa6fdedc51610af.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
b1d9c2f6da12b6c765d629e8c5d852b7cffa9b2146b77ea7f23d728cd784cd99
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
gzip
etag
W/"8dbd9f06269bebf13271d604683a25c1"
age
66
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
J59m4yzCm5yy3k82lEAAFHZUkYyS5YT3X8i5aXGIO2FnKAEW90xQgg==
date
Mon, 18 Nov 2024 11:36:39 GMT
last-modified
Tue, 12 Nov 2024 21:47:45 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
hosted-transform-error-3c0e6ce3708de44b0ab7f6fbac90bcea.js
js.stripe.com/v3/fingerprinted/js/
414 KB
86 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/hosted-transform-error-3c0e6ce3708de44b0ab7f6fbac90bcea.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
5fb6fafa1d53940de4f2d6f8a49443e2af3249ec0bf23a36c586a22e0792c84f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"89a4534f44478f4eaaae44cd84307ab6"
age
1235
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Ex9my3vwH9oy1tdGc2K-3IEh4K94XOHVtnyNRbfxu0HXzlgBYyE4Ow==
date
Mon, 18 Nov 2024 11:36:39 GMT
last-modified
Fri, 15 Nov 2024 18:05:33 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
387-4c3d897fc52d80cb4b5fdc1fdf58d646.js
js.stripe.com/v3/fingerprinted/js/
149 KB
37 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/387-4c3d897fc52d80cb4b5fdc1fdf58d646.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
b52c33d9d5730f7814f910f993e778793d3edbf88d628c013825b6a5bc93efaa
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
gzip
etag
W/"460c96df2655f2c674dd81329ab7d3fc"
age
2853
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
nHz7PvuW-X7A9ziKCrD-kKZK6PkVZ2OWZQAHhK3ydy-JIHn2QjlP8g==
date
Mon, 18 Nov 2024 10:50:09 GMT
last-modified
Wed, 13 Nov 2024 22:03:56 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
phone-numbers-lib-b60a953b4d57b4225d946595aad86895.js
js.stripe.com/v3/fingerprinted/js/
3 KB
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-b60a953b4d57b4225d946595aad86895.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
140b7d9ad4d775fa4f48b8843b891c86daef9cdb41cbb3fc12d925931e931a84
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"bfe3682843d743f33c50c86c54dada98"
age
723
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
0z0TRi8W0czjc_pnPFUzbCcS_Pzz0TZ29sN3ePA2zkM8Dozujh4HwA==
date
Mon, 18 Nov 2024 11:24:51 GMT
last-modified
Wed, 13 Nov 2024 22:04:01 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
8929-5dacf0328613ea4973132b510bc60956.js
js.stripe.com/v3/fingerprinted/js/
40 KB
12 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/8929-5dacf0328613ea4973132b510bc60956.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
96c69a8ec630d6ad8ea499ba2987446d96c6d9df10d6320676d60354e9580131
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
gzip
etag
W/"9b977a7e880e4270f634954a975822af"
age
2841
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
jGcvVdwrxt83geG5JiQpA0RQO05fWQdaB_glS_mY81HGjTsC8fsX1g==
date
Mon, 18 Nov 2024 10:50:09 GMT
last-modified
Wed, 13 Nov 2024 22:03:57 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
icon-499417dc44bee18e95cf0fc447e6c4f1.css
js.stripe.com/v3/fingerprinted/css/
13 KB
2 KB
Stylesheet
General
Full URL
https://js.stripe.com/v3/fingerprinted/css/icon-499417dc44bee18e95cf0fc447e6c4f1.css
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
810783545e542021548a25ad3302e93005971f45447aec726f9ab97b1483be40
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
gzip
etag
W/"d197d27937161ca8cef8726d564186bf"
age
3272
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
kyToJSJk2AwHBCOgcIT2qRPA0RkXuWGFmxmLO0kFd8rfxqz2ywUWww==
date
Mon, 18 Nov 2024 10:42:15 GMT
last-modified
Wed, 13 Nov 2024 22:03:48 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
icon-1f88f9477c6e87030994c12968958fce.js
js.stripe.com/v3/fingerprinted/js/
138 KB
41 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/icon-1f88f9477c6e87030994c12968958fce.js
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a7d1b2b4a16d27bb2046207aaa8de22a3b6235db0d417f2d648b77a79c0cdb2f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

content-encoding
br
etag
W/"51f8cc75c6b4ac41cd74d64ff8cd2293"
age
3272
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
GfRSgkg4yoYl1WUcIdOpAlLSkF2EGl-wq-eSuaPOOTFz_fj8PAzYTg==
date
Mon, 18 Nov 2024 10:42:15 GMT
last-modified
Fri, 15 Nov 2024 21:14:23 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA53-C1
server
Cloudfront
favicon.ico
js.stripe.com/v3/
15 KB
15 KB
Other
General
Full URL
https://js.stripe.com/v3/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
56e9db1f01ad56002df3b97b46923db0c98fc10a3aa949d8500cb6b12e92246c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://buy.stripe.com/

Response headers

etag
"788402a97fdf8b2c198e9dd94d3530b2"
age
54
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-oEseFHIB_RZ1mgwaiusrsZhb37wWRv-q07uN8sZzNv1oJUXws7bjw==
date
Mon, 18 Nov 2024 11:35:48 GMT
content-type
image/vnd.microsoft.icon
last-modified
Wed, 13 Nov 2024 22:03:48 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
15406
x-amz-cf-pop
FRA53-C1
server
Cloudfront
b
r.stripe.com/
0
438 B
Fetch
General
Full URL
https://r.stripe.com/b
Requested by
Host: buy.stripe.com
URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buy.stripe.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/x-www-form-urlencoded

Response headers

x-stripe-proxy-response
upstream
x-envoy-attempt-count
1
access-control-allow-methods
POST
x-stripe-bg-intended-route-color
blue
x-stripe-outbound-proxy-type
envoy
x-stripe-inbound-proxy-type
mesh-proxy
date
Mon, 18 Nov 2024 11:36:41 GMT
content-type
text/plain
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-credentials
true
x-stripe-upstream-host
10.73.95.148:1643
access-control-allow-origin
https://buy.stripe.com
content-length
0
x-stripe-server-envoy-start-time-us
1731929801306664
x-stripe-client-envoy-start-time-us
1731929801306486
server
nginx
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame C436
0
0
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/stripe-37c79a72efc0e2990df78396d3f39462.js?stripeCheckoutInitialized=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
143.204.215.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-90.fra53.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buy.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1967
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 11:03:57 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Tue, 12 Nov 2024 21:47:50 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-cf-id
Zf-3BZ6YNjUl6de5Qij4GZCr-nXTu-6ZwGxJgDmDNE5n5dzvyzwvkQ==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| __tti object| webpackChunkStripeJShosted function| __nativePromise object| webpackChunkStripeJSouter function| noop function| Stripe function| _ object| __SENTRY__

0 Cookies

3 Console Messages

Source Level URL
Text
other warning URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Message:
<link rel=preload> uses an unsupported `as` value
other warning URL: https://buy.stripe.com/00g5n0ddHg1ngUg005
Message:
<link rel=preload> uses an unsupported `as` value
network error URL: https://merchant-ui-api.stripe.com/payment-links/00g5n0ddHg1ngUg005
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com 'sha256-BNulBYV1JXGvq9NQg7814ZyyVZCqfRI1aq5d+PSIdgI=' 'sha256-Nus40+nvvmtoWUjpw+sjNvq+3KPCIzOo2lqP2uBn+/s=' 'sha256-Rs7zoycEGz8Aoh9NxrpDQaZ9oV27ZjlGKVOcL1V1ntA='; style-src 'self' https://js.stripe.com 'sha256-0wCsuxti3m6dSdXFrCFETD2dpAVJPkB2rNReo7a96ME='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

buy.stripe.com
checkout-cookies.stripe.com
js.stripe.com
merchant-ui-api.stripe.com
plan1.mdzn.digital
r.stripe.com
13.32.99.120
143.204.215.90
176.34.78.115
18.202.131.124
3.33.251.168
54.187.119.242
140b7d9ad4d775fa4f48b8843b891c86daef9cdb41cbb3fc12d925931e931a84
1a46b36ec6301f7bda40b07d288c844903e321bf24a9805145e8f0495d3a3f69
22b3900622cc77fbdd9ba5719fbe2da4074867e0b9407e1242a1e504e6ac6599
247bd439517c6c74d52c80e8c9ff51c27785a7a98c216c085b0dac084fda20f6
30bdbb6092e5cb5b17315456520a5c5dd0de42ff7adbcd9dbadeeb4188ea8844
36cad05a81d0cf933a9273e428ba10456f6f27cc2378e0779a20b1455aa64997
56e9db1f01ad56002df3b97b46923db0c98fc10a3aa949d8500cb6b12e92246c
5fb6fafa1d53940de4f2d6f8a49443e2af3249ec0bf23a36c586a22e0792c84f
61c30dcf2bb45d287976d65e87e9e2a2b7f2d649978bec3980d60824c0e29a01
80cb3b4fc47332cad24932391611e8de96be73368350e8b913c975ac70f6553a
810783545e542021548a25ad3302e93005971f45447aec726f9ab97b1483be40
8d0c04f065692bfeb27d08b1aa3c98a734abdfdabd44cc5f5757e20ac6ff7ff3
96c69a8ec630d6ad8ea499ba2987446d96c6d9df10d6320676d60354e9580131
9a2aab98b1f5355cac61b637a10d7c154d7dc417b15fcb877ea260b6331a8102
a7d1b2b4a16d27bb2046207aaa8de22a3b6235db0d417f2d648b77a79c0cdb2f
b1d9c2f6da12b6c765d629e8c5d852b7cffa9b2146b77ea7f23d728cd784cd99
b52c33d9d5730f7814f910f993e778793d3edbf88d628c013825b6a5bc93efaa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855