URL: https://client.mathlux.com/
Submission: On May 23 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3032::6815:302d, located in United States and belongs to CLOUDFLARENET, US. The main domain is client.mathlux.com.
TLS certificate: Issued by GTS CA 1P5 on May 20th 2023. Valid for: 3 months.
This is the only time client.mathlux.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
3 99.86.4.9 16509 (AMAZON-02)
1 2a04:4e42::393 54113 (FASTLY)
3 54.187.159.182 16509 (AMAZON-02)
2 99.86.4.96 16509 (AMAZON-02)
1 54.201.215.5 16509 (AMAZON-02)
18 8
Apex Domain
Subdomains
Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 968
q.stripe.com — Cisco Umbrella Rank: 5765
m.stripe.com — Cisco Umbrella Rank: 935
118 KB
6 mathlux.com
client.mathlux.com
643 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1053
16 KB
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 1886
2 MB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2230
256 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
71 KB
18 6
Domain Requested by
6 client.mathlux.com client.mathlux.com
3 q.stripe.com client.mathlux.com
3 js.stripe.com client.mathlux.com
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
1 m.stripe.com m.stripe.network
1 res.cloudinary.com client.mathlux.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com client.mathlux.com
18 8

This site contains no links.

Subject Issuer Validity Valid
mathlux.com
GTS CA 1P5
2023-05-20 -
2023-08-18
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-05-08 -
2023-07-31
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2023-05-12 -
2023-08-13
3 months crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2
2022-05-30 -
2023-07-01
a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-14 -
2023-06-13
4 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-28 -
2023-07-26
4 months crt.sh

This page contains 3 frames:

Primary Page: https://client.mathlux.com/
Frame ID: 72C86632355C1A58663ABE0E06E588B5
Requests: 10 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: A97A4ACFC60860F11AD2575C786BBB29
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 111A5A1BD3B210EA4CFB74161AD31AA0
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

MathLux

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

18
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

3028 kB
Transfer

5065 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
client.mathlux.com/
845 B
1 KB
Document
General
Full URL
https://client.mathlux.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c51b492bd879ead27a42f6f56f8eec5fb163eae122bd4bedfeaf40a3c5a6542d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
7cbef96d89c79174-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 23 May 2023 17:21:16 GMT
last-modified
Thu, 18 May 2023 11:16:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIR2FQZLhomo%2BHtvVSgxX1G8T4F4sjddEWgsQepHZzTOLjN46bd7DbaDD5TocyhiI8Bm1%2BBb8jeoRPaAgbAK5INb07snJg70mlVNihQM5l%2BZPXp%2FtW%2FHwBvhHjpvK%2BA27bJ6pucioKU9NkL0q6dUkXA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31556926
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-fra-eddf8230095-FRA
x-timer
S1684862476.447494,VS0,VE1
js
www.googletagmanager.com/gtag/
196 KB
71 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-WCE0EKESL6
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d88802b5843a183a40dd616fe4e3c680b3437f298b7bff74f1461bce4cc7acc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
72585
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 May 2023 17:21:16 GMT
index-c2572b67.js
client.mathlux.com/assets/
2 MB
490 KB
Script
General
Full URL
https://client.mathlux.com/assets/index-c2572b67.js
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e08efe9d7bb62d57ca9761bcc05d500d4ba04803dccf4bc7dc47099cc71f04cf
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://client.mathlux.com/
Origin
https://client.mathlux.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230091-FRA
last-modified
Thu, 18 May 2023 11:16:45 GMT
server
cloudflare
x-timer
S1684862477.500911,VS0,VE3
etag
W/"f064d1309ef2abe0c252f56aecfdb4675d8108b9d887a58c56a050e28797ec15"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJyM%2FcvSfhWsvNqIhnMlEwYO3x%2B0486%2BFF0Lf1NXLbIZHcFxnx81pDXUD%2FpKwjlhSxtPuQ1CQ46YPSyq1R2beWxYS6lq4ZEa06uL4%2FBVSzF2jpePsu7y5mO5KH7uIjHFRpiieKr0yeWKor5WDESIUH0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
7cbef96dea369174-FRA
x-cache-hits
1
index-d1556dfa.css
client.mathlux.com/assets/
204 KB
32 KB
Stylesheet
General
Full URL
https://client.mathlux.com/assets/index-d1556dfa.css
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1556dfafa7e1241404ada55bbbc91640c1d398e46d2e861aee0df53b0f79d22
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230113-FRA
last-modified
Thu, 18 May 2023 11:16:45 GMT
server
cloudflare
x-timer
S1684862477.500950,VS0,VE195
etag
W/"74f9ab6057dca0595f711e6eaa13fe9d475733fad3f48d771a22f721ba2316f4"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OJrzSbDi2DTq7pMXzZGZOaXE1naqMEzLQNiwrbsNpH5Acb2L6ySPH6CzcW%2BDZewoAPmZHAqrYQZFhVFMB8cm%2FS%2F%2B91e2BSodzpcKlA3ZgZktCW%2FDc13ct0HzD1qY2WsENSPWQmi1g5eEaW1aDXgtFK0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
cf-ray
7cbef96dea349174-FRA
x-cache-hits
0
collect
region1.google-analytics.com/g/
0
256 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-WCE0EKESL6&gtm=45je35h0&_p=216958331&cid=1588709139.1684862477&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1684862476&sct=1&seg=0&dl=https%3A%2F%2Fclient.mathlux.com%2F&dt=MathLux&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WCE0EKESL6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 May 2023 17:21:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://client.mathlux.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v3
js.stripe.com/
473 KB
114 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/assets/index-c2572b67.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
2f2d964f78e2b18497e29b96da6fbb9c9b5030cc82a9e95ea4fbfd22aba0217a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 23 May 2023 17:20:29 GMT
via
1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
49
x-cache
Hit from cloudfront
last-modified
Mon, 22 May 2023 20:41:54 GMT
server
Cloudfront
etag
W/"6b0152aa8a5bf84ef99f826e2ba5337a"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
zVob8HD-Vq5wsqBPKrEB0g6CL6FduW7roOdg19eOgi4OAipWVzZ-yA==
unsplash_twukN12EN7c_ipxkl3.png
res.cloudinary.com/dbqwhxipy/image/upload/v1682090829/
2 MB
2 MB
Image
General
Full URL
https://res.cloudinary.com/dbqwhxipy/image/upload/v1682090829/unsplash_twukN12EN7c_ipxkl3.png
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/assets/index-d1556dfa.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
d04a85271fee33b9cd8345cb4c562b6f746d5b420848baa9f6d1850b5b99799f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
last-modified
Fri, 21 Apr 2023 15:27:10 GMT
server
Cloudinary
etag
"3beee742315b3c05a1c443fc51f074ef"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=2592000
server-timing
cld-fastly;mitm=p;dur=2;cpu=1;start=2023-05-23T17:21:16.871Z;desc=hit,rtt;dur=6
accept-ranges
bytes
timing-allow-origin
*
content-length
2230422
icon-cookie-968e00a5.svg
client.mathlux.com/assets/
43 KB
33 KB
Image
General
Full URL
https://client.mathlux.com/assets/icon-cookie-968e00a5.svg
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/assets/index-d1556dfa.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
968e00a5bd00cd6c4668ccad0eed218bdd946a9c8f1e466439c6a1c03728b94a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.mathlux.com/assets/index-d1556dfa.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230067-FRA
last-modified
Thu, 18 May 2023 11:16:45 GMT
server
cloudflare
x-timer
S1684862477.856678,VS0,VE99
etag
W/"95192c228df605b017179e2bc673d9dd0708c561a0db17aa725e022d48bbb166"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7AL1qmPhX2WuyydSNkginklVOvkpQuMjhk3LFmY05p3xeCsYh8zvGZCG0%2BQ4CfZGv9iqAtHFn7tRkARAxvWsqUgW3%2BVjlpAnyWPs5bcabYW%2Bl3MfYA%2B77dvTLOvCcwM2DXKvsVwfKwA2nzxsGCMaNGg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7cbef970294791cf-FRA
x-cache-hits
0
Nunito-Regular-45ee4fa5.woff2
client.mathlux.com/assets/
43 KB
44 KB
Font
General
Full URL
https://client.mathlux.com/assets/Nunito-Regular-45ee4fa5.woff2
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/assets/index-d1556dfa.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45ee4fa580cc27997dcb1f20dcbf98bcbcf54c47abe761932f1efdcd46a39c48
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://client.mathlux.com/assets/index-d1556dfa.css
Origin
https://client.mathlux.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=31556926
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230135-FRA
last-modified
Thu, 18 May 2023 11:16:45 GMT
server
cloudflare
x-timer
S1684862477.854453,VS0,VE2
etag
W/"eb83c72e7822cbc987450f4b6ec8efcff07f486c38aaf8807d4766a147a4c941"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLqOd8oiDjWnhbEfOTDMQyorCKsPePpvCmfalKiV%2FszBFFYGbHLjW7Ak6jfHyYB8Vq2Wuft2gjmIhtjecB9LVlKJix3VUwSb9%2B%2BWJ6POfUcVkYWfTo2eHfEV3X62WJA3l%2Fd%2FZR75Q9BdkJCcP4q86OQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
cf-ray
7cbef970294991cf-FRA
x-cache-hits
1
Nunito-Bold-c6fbafe9.woff2
client.mathlux.com/assets/
43 KB
43 KB
Font
General
Full URL
https://client.mathlux.com/assets/Nunito-Bold-c6fbafe9.woff2
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/assets/index-d1556dfa.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:302d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6fbafe942a20aafc069f8e089f2bf67adb05961b26a71bba56adff485422b40
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://client.mathlux.com/assets/index-d1556dfa.css
Origin
https://client.mathlux.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 17:21:16 GMT
strict-transport-security
max-age=31556926
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230116-FRA
last-modified
Thu, 18 May 2023 11:16:45 GMT
server
cloudflare
x-timer
S1684862477.854072,VS0,VE2
etag
W/"802738e2e1e9de7751bd91c86ec75a0e107f8ffd57345ce1f015b2fea131665b"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Csb9agMlGnC4E1TC%2BA8M4T%2FIoZW90Ip6y%2FWYU7DIu7HNe2AbUArK8ya%2FNl4ie8zg%2FhSLAFXK1aNFUU0LPmAty6l4AKZm3fe7llznFvX0t41S51oWQSrfjEm%2BvHXwFgNNr6yx1oaw2uM78BLLXavR47U%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
cf-ray
7cbef970294a91cf-FRA
x-cache-hits
1
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame A97A
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://client.mathlux.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1389
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 23 May 2023 16:58:08 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Thu, 11 May 2023 20:01:43 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-id
h4TG8gwRsKjvV1kSibHMc_wYFsmFv6xdUOLb7fh7VS_1DqmOE-MzFg==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame A97A
631 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 23 May 2023 17:13:40 GMT
x-content-type-options
nosniff
via
1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
458
x-cache
Hit from cloudfront
content-length
631
last-modified
Mon, 22 May 2023 20:13:05 GMT
server
Cloudfront
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
vF9WdF7Jatfti-CEKQzqt7jmhnWwo9gi67QII0_bB-B19-AL1uvnAg==
csp-report
q.stripe.com/ Frame A97A
0
717 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 23 May 2023 17:21:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1684862477505292
x-envoy-upstream-service-time
9
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
5
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1684862477504096
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame A97A
0
718 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 23 May 2023 17:21:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1684862477506836
x-envoy-upstream-service-time
5
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1684862477504161
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame 111A
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-96.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
243
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 23 May 2023 17:17:15 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-amz-cf-id
pvBm5h4jXKmeqAWQEp-JG6qa4aLLNG2I_8VMPPYUeCxyBkYF3lhVAg==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame 111A
0
492 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: client.mathlux.com
URL: https://client.mathlux.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 23 May 2023 17:21:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1684862477505557
x-envoy-upstream-service-time
14
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
7
x-stripe-client-envoy-start-time-us
1684862477504232
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.42.js
m.stripe.network/ Frame 111A
86 KB
14 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-96.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 23 May 2023 17:17:26 GMT
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
via
1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
age
232
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
A432JruStCo0AN9A2h_tFEkqy62SJMFHOxmw6pkZFQsvwL8onWNwuQ==
6
m.stripe.com/ Frame 111A
156 B
670 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.201.215.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-201-215-5.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
802a4b9d9169fa56324aa7a03bc69cf43377af5b70fdb45197d85bf7f998af53
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Tue, 23 May 2023 17:21:17 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1684862477610305
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
4
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1684862477609838
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| gtag object| dataLayer object| google_tag_manager object| google_tag_data object| gaGlobal object| webpackChunkStripeJSouter function| noop function| Stripe

5 Cookies

Domain/Path Name / Value
.mathlux.com/ Name: _ga_WCE0EKESL6
Value: GS1.1.1684862476.1.0.1684862476.0.0.0
.mathlux.com/ Name: _ga
Value: GA1.1.1588709139.1684862477
m.stripe.com/ Name: m
Value: f6208985-a7cc-4929-9686-c9ad659779b15eff31
.client.mathlux.com/ Name: __stripe_mid
Value: 0a3b0987-c503-486a-9634-542755d98b99b9177a
.client.mathlux.com/ Name: __stripe_sid
Value: ef46413c-564c-4127-bf9f-b7365987a7e557c95c

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926