Submitted URL: https://ahasupport.zendesk.com/
Effective URL: https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zend...
Submission: On May 05 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 54.84.62.26, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is secure.aha.io. The Cisco Umbrella rank of the primary domain is 285419.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on March 8th 2022. Valid for: a year.
This is the only time secure.aha.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 104.16.51.111 13335 (CLOUDFLAR...)
1 54.84.62.26 14618 (AMAZON-AES)
6 143.204.98.61 16509 (AMAZON-02)
7 2
Apex Domain
Subdomains
Transfer
7 aha.io
secure.aha.io — Cisco Umbrella Rank: 285419
cdn.aha.io — Cisco Umbrella Rank: 469355
1 MB
2 zendesk.com
ahasupport.zendesk.com
2 KB
7 2
Domain Requested by
6 cdn.aha.io secure.aha.io
2 ahasupport.zendesk.com 2 redirects
1 secure.aha.io
7 3

This site contains links to these domains.

Domain
aha.io
www.aha.io
Subject: *.aha.io
Issuer: Sectigo RSA Organization Validation Secure Server CA
Validity: 2022-03-08 - 2023-04-03
Valid: a year

This page contains 1 frame:

Primary Page: https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114
Frame ID: 446F092AF129277B22D2984E0A5EF923
Requests: 7 HTTP requests in this frame

Page Title

Log in to your workspace | Aha!

Page Statistics

7 Requests
100 % HTTPS
0 % IPv6
2 Domains
3 Subdomains
2 IPs
2 Countries
1291 kB Transfer
5240 kB Size
4 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ahasupport.zendesk.com/ HTTP 301
    https://ahasupport.zendesk.com/access?theme=hc HTTP 302
    https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new
secure.aha.io/session/
Redirect Chain
  • https://ahasupport.zendesk.com/
  • https://ahasupport.zendesk.com/access?theme=hc
  • https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114
5 KB
4 KB
Document
General
Full URL
https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.84.62.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-62-26.compute-1.amazonaws.com
Software
openresty /
Resource Hash
29e3e6804c594a87a1005d43eb8913f27279e8da375cab22e979ed7833b251d6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://push-iad-prod1.aha.io https://www.google.com https://www.gstatic.com https://js.recurly.com https://player.vimeo.com https://www.google-analytics.com https://www.googleadservices.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://secure.aha.io https://push-iad-prod1.aha.io https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; connect-src 'self' https://aha.io https://push-iad-prod1.aha.io wss://push-iad-prod1.aha.io https://secure.aha.io https://cdn.aha.io wss://cdn.aha.io https://accounts.google.com https://sentry.io https://rum-http-intake.logs.datadoghq.com https://api.recurly.com https://www.google-analytics.com https://stats.g.doubleclick.net https: https://big.aha.io; frame-src 'self' https://www.aha.io https://player.vimeo.com https://docs.google.com https://api.recurly.com https://big.ideas.aha.io https://big.aha.io https://*.duosecurity.com https://www.aha.io https://*.ideas.aha.io; img-src 'self' data: blob: https: https://aha.io https://secure.aha.io https://cdn.aha.io; font-src 'self' data: https://aha.io https://cdn.aha.io https://fonts.gstatic.com; object-src 'self' https://www.gstatic.com; report-uri /csp_report;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
content-encoding
gzip
content-security-policy
default-src 'self' https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://push-iad-prod1.aha.io https://www.google.com https://www.gstatic.com https://js.recurly.com https://player.vimeo.com https://www.google-analytics.com https://www.googleadservices.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://secure.aha.io https://push-iad-prod1.aha.io https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; connect-src 'self' https://aha.io https://push-iad-prod1.aha.io wss://push-iad-prod1.aha.io https://secure.aha.io https://cdn.aha.io wss://cdn.aha.io https://accounts.google.com https://sentry.io https://rum-http-intake.logs.datadoghq.com https://api.recurly.com https://www.google-analytics.com https://stats.g.doubleclick.net https: https://big.aha.io; frame-src 'self' https://www.aha.io https://player.vimeo.com https://docs.google.com https://api.recurly.com https://big.ideas.aha.io https://big.aha.io https://*.duosecurity.com https://www.aha.io https://*.ideas.aha.io; img-src 'self' data: blob: https: https://aha.io https://secure.aha.io https://cdn.aha.io; font-src 'self' data: https://aha.io https://cdn.aha.io https://fonts.gstatic.com; object-src 'self' https://www.gstatic.com; report-uri /csp_report;
content-type
text/html; charset=utf-8
date
Thu, 05 May 2022 01:11:55 GMT
etag
W/"29e3e6804c594a87a1005d43eb8913f2"
expires
Fri, 01 Jan 1970 00:00:00 GMT
feature-policy
geolocation 'none'; microphone 'none'; payment 'none'
link
<https://cdn.aha.io/assets/application_library_styles-3896bb90355dcda5d65e.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/application-ef8192d0d8fed00213df.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/runtime-254a032d2001f90bbc0d.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/vendor-50e148a1baf26c9603b6.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/external_app-5daf45fb06ebabd97db6.js>; rel=preload; as=script; nopush
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
285d7756-ee38-48cc-a68d-23dba000389c
x-runtime
0.036996
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
70659ad52ef5923b-FRA
content-length
224
content-type
text/html; charset=UTF-8
date
Thu, 05 May 2022 01:11:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
CP="NOI DSP COR NID ADMa OPTa OUR NOR"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EEutJuyYKz19tRMT9fmi9bezA2ahP72qF7erYtCv0nM0ARS7%2Bgd1yJSvn81EmMkWpq4xTofQW9lJAQ0421PgzxLFH7P0%2FK5tpfJcHD9FK%2BT%2FtuBeDLEFfwiKrV1hCrIRZ%2B7MnS5pRM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000;
x-content-type-options
nosniff
x-envoy-decorator-operation
classic.classic.svc.cluster.local:80/*
x-envoy-upstream-service-time
68
x-request-id
70659ad52ef5923b-SEA 70659ad52ef5923b-SEA
x-runtime
0.066238
x-zendesk-origin-server
classic-app-server-6545bb56b9-zpsx2
x-zendesk-zorg
yes
zendesk-api-version
2022-01-01
application_library_styles-3896bb90355dcda5d65e.css
cdn.aha.io/assets/
1 MB
223 KB
Stylesheet
General
Full URL
https://cdn.aha.io/assets/application_library_styles-3896bb90355dcda5d65e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b2b2181fc915e8039a0beccdce4250232298e3979fe2654fe30e297ca8827ee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 01:11:55 GMT
content-encoding
gzip
etag
W/"a5e6c3d27c91c9f0fd18500557d6461b"
last-modified
Wed, 27 Apr 2022 20:15:19 GMT
server
AmazonS3
age
3395
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
kpRWSL-l1O8UXd_dwy775cqPkqOdL6e8qJI-nMQjNyaUqraNGxR7gg==
application-ef8192d0d8fed00213df.css
cdn.aha.io/assets/
1 MB
189 KB
Stylesheet
General
Full URL
https://cdn.aha.io/assets/application-ef8192d0d8fed00213df.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef8d4851cc6bb0cc0c7d0b07312368882859b257797cf4d747142c84753c4f44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 00:29:57 GMT
content-encoding
gzip
etag
W/"fc90841a9cb6732b8a384e1322519c64"
last-modified
Tue, 03 May 2022 22:55:59 GMT
server
AmazonS3
age
2518
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
2HidQVrOuw9ffKuoDJnheqnCqHGzaU4U70dHrDSPxiIpwHwox8i1bg==
runtime-254a032d2001f90bbc0d.js
cdn.aha.io/assets/
16 KB
6 KB
Script
General
Full URL
https://cdn.aha.io/assets/runtime-254a032d2001f90bbc0d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
87a76c4d505a22e3b32405e80d4d9d1045a837c79a8634fc01ada12ce80a1e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 00:27:37 GMT
content-encoding
gzip
etag
W/"a1bf89bd7b75952ef28f8e9e9d90d1b2"
last-modified
Wed, 04 May 2022 23:21:38 GMT
server
AmazonS3
age
2678
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
aIpjYu968MdmDF_YgkKnPBw5lNOXAa-zxVzajZmOAO2iDRR02dvXpg==
vendor-50e148a1baf26c9603b6.js
cdn.aha.io/assets/
3 MB
863 KB
Script
General
Full URL
https://cdn.aha.io/assets/vendor-50e148a1baf26c9603b6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c81b47ad87f87d0851d68e2b1a434b53dbfa278ad1d9e01c52ab62ab3bb6343e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 00:18:33 GMT
content-encoding
gzip
etag
W/"eeaad01b67715d9321431e788a49b86d"
last-modified
Tue, 26 Apr 2022 00:22:45 GMT
server
AmazonS3
age
3267
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
BuzuaObijA0EjeHO7G5-uevdJSTs8JB86SVScEusrZw5e84mGIjX9Q==
external_app-5daf45fb06ebabd97db6.js
cdn.aha.io/assets/
14 KB
5 KB
Script
General
Full URL
https://cdn.aha.io/assets/external_app-5daf45fb06ebabd97db6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
67e8e299d20dc2bb7f7237edae0c8b5568869b9de3ed9bc1819b9d3a34f9c89b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 00:29:58 GMT
content-encoding
gzip
etag
W/"e8b01a3c0b894764aa7008f4824b1644"
last-modified
Wed, 04 May 2022 23:21:27 GMT
server
AmazonS3
age
2518
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
y2RJ1Xb8xNrBWR5ukFT1AxxprDPHi0CmAb0bl398FHP4g0wiqzHKVQ==
aha-name.62ee9d95d696b758ac372ffe06d1424c.svg
cdn.aha.io/assets/
4 KB
2 KB
Image
General
Full URL
https://cdn.aha.io/assets/aha-name.62ee9d95d696b758ac372ffe06d1424c.svg
Requested by
Host: secure.aha.io
URL: https://secure.aha.io/session/new?brand_id=2460856&locale_id=1&return_to=https%3A%2F%2Fahasupport.zendesk.com&sso=zendesk&timestamp=1651713114
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-61.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
65ff708f7649a911c0a3e573a56c50f5ffb51ff1dee3e3e8618d02dfc756fd8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 01:11:55 GMT
content-encoding
gzip
etag
W/"62ee9d95d696b758ac372ffe06d1424c"
last-modified
Tue, 26 Apr 2022 00:22:17 GMT
server
AmazonS3
age
235
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
oGJhkuQM5qqUBswRvqad51dUJdYF3c9XhKf84wxJdfO0MLQmmIrjSg==

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
string| sentryRelease
object| webpackAhaJsonp
object| __core-js_shared__
object| core
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
boolean| _babelPolyfill
function| $
function| jQuery
function| moment
object| __SENTRY__
object| Duo
function| require
object| Configatron

4 Cookies

Domain/Path Name / Value
ahasupport.zendesk.com/ Name: _zendesk_shared_session
Value: -ZDNTbmJ6T1daQUlDMWppUG9Xak9ucFdPSWhjZmVNS0RwdkZ6U3cxeXhPcFQ3aWlFQlE5aFovbSt1ZGRZbFdzamdRQkJ5UW5WUitZdjBiTEY1d2hRbzJsMklDSGI5OHB2N3VZNnE4Tk5IMDJFb0paTy9semhQVDA2b24vYVArOUNabktEL2RRQlZ5V3JtUlFHbFpaWXBRPT0tLXJNUlI5MWxnSVc4SXVpamNqOGlOWVE9PQ%3D%3D--750b1ba46c9060d5f30884f3ef974da88737d509
.ahasupport.zendesk.com/ Name: __cfruid
Value: 6b10a8604b49a486b866218fc37ae70f553f059d-1651713114
ahasupport.zendesk.com/ Name: _zendesk_session
Value: BAh7C0kiD3Nlc3Npb25faWQGOgZFVEkiJTlmY2E3ZmI3MmUwYTFhZGI5Y2MwNWFiMDVlYTRmYmU3BjsAVEkiDGFjY291bnQGOwBGaQPRAAVJIgpyb3V0ZQY7AEZpA8z2BEkiDmlzX21vYmlsZQY7AFRGSSITd2FyZGVuLm1lc3NhZ2UGOwBUewBJIg5yZXR1cm5fdG8GOwBGSSIjaHR0cHM6Ly9haGFzdXBwb3J0LnplbmRlc2suY29tBjsAVA%3D%3D--0c418f93ede1b5f6381b4246d421e607f765575d
secure.aha.io/ Name: _aha_app_2
Value: ZXhhdNmv3Wn1fOmWN3USsmAtbJvvhWnxRKwy1DOMTQbWbjdQ2bT1V1FenDNOpyD1yojOZ0BY9BuA6U7mpoz8i5G1NErefGqCvIzhdyiLLqxws7PNR0GmGUoi6YYSpTtD5qJPmefxQ5qkhnMay4rD8i4zSXoAdwiBdytlxBk0xmSpY%2B%2BM%2FJNS1OJyyurFYz21oHE4nY6fiVswJYEUgLGfoEYmpIrsMxkKMfxfAy8kIIZk9uDxMA1o2lkDwcFE%2Bnn%2Ba%2BFxFOPAcsXrigJTKvHggn8ZjFtgb2oRN21izas8y490Zh6UYztbjzYEBHswmahnqsYpswduTA2oLQQNITU%3D--8ebIG34gpalJyMBJ--OT7apkajmpsSJ00A2%2FHuag%3D%3D
