urlscan.io logo urlscan.io
SecurityTrails logo

selfservice.bonita.de Open in urlscan Pro
49.12.179.24  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://selfservice.bonita.de/news.php
Effective URL: https://selfservice.bonita.de/index.php?lr=timeout
Submission: On October 25 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 22 HTTP transactions. The main IP is 49.12.179.24, located in Germany and belongs to HETZNER-AS, DE. The main domain is selfservice.bonita.de.
TLS certificate: Issued by R10 on October 1st 2024. Valid for: 3 months.
This is the only time selfservice.bonita.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 24 49.12.179.24 24940 (HETZNER-AS)
22 1
Apex Domain
Subdomains		 Transfer
24 bonita.de
selfservice.bonita.de
1 MB
22 1
Domain Requested by
24 selfservice.bonita.de 2 redirects selfservice.bonita.de
22 1

This site contains links to these domains. Also see Links.

Domain
www.bonita.de
Subject Issuer Validity Valid
selfservice.bonita.de
R10		 2024-10-01 -
2024-12-30		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://selfservice.bonita.de/index.php?lr=timeout
Frame ID: D9EB2C20AB2F37749B969EF54C4750ED
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Startseite - BONITA-Portal

Page URL History Show full URLs

  1. http://selfservice.bonita.de/news.php HTTP 307
    https://selfservice.bonita.de/news.php HTTP 302
    https://selfservice.bonita.de/logout.php?lr=timeout HTTP 302
    https://selfservice.bonita.de/index.php?lr=timeout Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1524 kB
Transfer

1486 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://selfservice.bonita.de/news.php HTTP 307
    https://selfservice.bonita.de/news.php HTTP 302
    https://selfservice.bonita.de/logout.php?lr=timeout HTTP 302
    https://selfservice.bonita.de/index.php?lr=timeout Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
selfservice.bonita.de/
Redirect Chain
  • http://selfservice.bonita.de/news.php
  • https://selfservice.bonita.de/news.php
  • https://selfservice.bonita.de/logout.php?lr=timeout
  • https://selfservice.bonita.de/index.php?lr=timeout
14 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
58be4535900cc859d0dbf03e8601a4fb47238953b9ecc4f07c5f6b12342377ef
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache, must-revalidate private, no-cache, no-store, must-revalidate, no-transform
Connection
Keep-Alive
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Content-Type
text/html; charset=UTF-8
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Cross-Origin-Resource-Policy
same-site
Date
Fri, 25 Oct 2024 11:56:52 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=98
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Pragma
no-cache no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubdomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate private, no-cache, no-store, must-revalidate, no-transform
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Content-Type
text/html; charset=UTF-8
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Cross-Origin-Resource-Policy
same-site
Date
Fri, 25 Oct 2024 11:56:52 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Location
index.php?lr=timeout
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Pragma
no-cache no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubdomains
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
bootstrap.min.css
selfservice.bonita.de/extensions/bootstrap/css/ 		158 KB
159 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/bootstrap/css/bootstrap.min.css
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
14ea881055fd63ef07a234ed994de7b3f0df899012ae847825898dcd7a1c500c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
text/css
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
161402
X-XSS-Protection
1; mode=block
Server
Apache
flag-icon.min.css
selfservice.bonita.de/extensions/flag-icon-css/css/ 		33 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/flag-icon-css/css/flag-icon.min.css
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
1108d9c16e258ebb7d76ca276f25feb22ea46f182455d7b8ed3cbd1507a19d48
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
text/css
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
33481
X-XSS-Protection
1; mode=block
Server
Apache
cookieconsent.min.css
selfservice.bonita.de/extensions/cookieconsent/ 		4 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/cookieconsent/cookieconsent.min.css
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
text/css
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
3938
X-XSS-Protection
1; mode=block
Server
Apache
portal.layout.css
selfservice.bonita.de/Core/css/ 		27 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/css/portal.layout.css?v=c0e5cc00
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
ccd457c307bca56251b03af7bcba01d1cab32758d6ac8c6de5aefb8b33520348
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
text/css
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
27638
X-XSS-Protection
1; mode=block
Server
Apache
portal.theme.bonita.css
selfservice.bonita.de/resources/themes/ 		8 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/resources/themes/portal.theme.bonita.css
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
c097a555c50b0707e29ce398d80e2571ad1612e0d773cc3afb3125d48978d6ba
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 27 Apr 2022 18:23:37 GMT
Content-Type
text/css
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
8177
X-XSS-Protection
1; mode=block
Server
Apache
fontawesome.min.js
selfservice.bonita.de/extensions/fontawesome/js/ 		56 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/fontawesome/js/fontawesome.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
965beb1a26169767a7d009c4650302d17d0381faf398feb357f18d22200ce424
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:48 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
56936
X-XSS-Protection
1; mode=block
Server
Apache
regular.min.js
selfservice.bonita.de/extensions/fontawesome/js/ 		158 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/fontawesome/js/regular.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
64bbd2b858f71e8f5375f8cb6416a0da6087c8805567fa4fb2637c761242880b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:48 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
162174
X-XSS-Protection
1; mode=block
Server
Apache
jquery.min.js
selfservice.bonita.de/extensions/jquery/ 		87 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/jquery/jquery.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
22098889a3d150df9706ff90386764f183274d40903f5eee2ec97fef24e2c5b4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
89411
X-XSS-Protection
1; mode=block
Server
Apache
jquery.serializejson.min.js
selfservice.bonita.de/extensions/jquery.serializeJSON/ 		5 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/jquery.serializeJSON/jquery.serializejson.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
a517390497479538bf86236a795f90bd592320b57ff41bc6065c3009133f16d3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
5300
X-XSS-Protection
1; mode=block
Server
Apache
common.min.js
selfservice.bonita.de/Core/js/ 		9 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/js/common.min.js?v=c0e5cc00
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
5f6368b4e2e166b04f4358ade813dd39e641a13a918cb35153d75e4c139c42eb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
9200
X-XSS-Protection
1; mode=block
Server
Apache
bootstrap.bundle.min.js
selfservice.bonita.de/extensions/bootstrap/js/ 		82 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/bootstrap/js/bootstrap.bundle.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
bd057d944e7835799bf6e5ef87bd0213e02dd446755326330b3c29b0c3c15bf1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=96
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
84371
X-XSS-Protection
1; mode=block
Server
Apache
cookieconsent.min.js
selfservice.bonita.de/extensions/cookieconsent/ 		19 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/cookieconsent/cookieconsent.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=95
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
19802
X-XSS-Protection
1; mode=block
Server
Apache
cookie.min.js
selfservice.bonita.de/Core/js/ 		834 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/js/cookie.min.js?v=c0e5cc00
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
3ef7a29d94760ea6eeb4a25208510856b37cb260096897fd9b6a889d066b8d3a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
834
X-XSS-Protection
1; mode=block
Server
Apache
Logo.php
selfservice.bonita.de/Core/Api/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://selfservice.bonita.de/Core/Api/Logo.php?act=load&sel=5
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
622ec1551394b09d724141edfc9313df69306355bc9a0f60a10b3b19e8629257
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Fri, 25 Oct 2024 11:56:52 GMT
Content-Disposition
attachment
Content-Type
image/png
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
2361
X-XSS-Protection
1; mode=block
Server
Apache
auth.min.js
selfservice.bonita.de/Core/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/js/auth.min.js?v=c0e5cc00
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
5988da7cc58d67236660405746ba99dd1ec1a6972c263d8019aae65b4831ec9d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
11921
X-XSS-Protection
1; mode=block
Server
Apache
zxcvbn.js
selfservice.bonita.de/extensions/zxcvbn/ 		803 KB
804 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/zxcvbn/zxcvbn.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
de84c4140adfa63d331c59ff9f3ff2000d6bcf7dbd729f8265afb9d0abfd7359
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Fri, 25 Oct 2024 11:56:52 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:48 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
821851
X-XSS-Protection
1; mode=block
Server
Apache
jquery.serializejson.min.js
selfservice.bonita.de/extensions/jquery.serializeJSON/ 		5 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/extensions/jquery.serializeJSON/jquery.serializejson.min.js
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/index.php?lr=timeout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
a517390497479538bf86236a795f90bd592320b57ff41bc6065c3009133f16d3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Fri, 25 Oct 2024 11:56:53 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:49 GMT
Content-Type
application/javascript
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
5300
X-XSS-Protection
1; mode=block
Server
Apache
Cookie.php
selfservice.bonita.de/Core/Api/ 		649 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/Api/Cookie.php
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/extensions/jquery/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
611042da155fc757f061c18f9047ca625d66936b00c7536fc039b5421b0c4b48
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selfservice.bonita.de/index.php?lr=timeout
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*/*
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Fri, 25 Oct 2024 11:56:53 GMT
Content-Disposition
attachment
Content-Type
application/json; charset=UTF-8
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
X-XSS-Protection
1; mode=block
Server
Apache
index.json
selfservice.bonita.de/language/de/js/ 		697 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/language/de/js/index.json
Requested by
Host: selfservice.bonita.de
URL: https://selfservice.bonita.de/extensions/jquery/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
e65c328c2b65e19d40691bb74ef85e36054a37b50b49e55c066215078ca5bcb4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://selfservice.bonita.de/index.php?lr=timeout
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Fri, 25 Oct 2024 11:56:53 GMT
Last-Modified
Wed, 18 Sep 2024 06:00:48 GMT
Content-Type
application/json
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
697
X-XSS-Protection
1; mode=block
Server
Apache
Logo.php
selfservice.bonita.de/Core/Api/ 		948 B
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/Api/Logo.php?act=fav
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
41449100c4f22deb5fc2483603431bc9b4837e7792e56da165e52fb9654f031f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=94
Date
Fri, 25 Oct 2024 11:56:53 GMT
Content-Disposition
attachment
Content-Type
image/png
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
948
X-XSS-Protection
1; mode=block
Server
Apache
Logo.php
selfservice.bonita.de/Core/Api/ 		948 B
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://selfservice.bonita.de/Core/Api/Logo.php?act=fav
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
49.12.179.24 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.24.179.12.49.clients.your-server.de
Software
Apache /
Resource Hash
41449100c4f22deb5fc2483603431bc9b4837e7792e56da165e52fb9654f031f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://selfservice.bonita.de/index.php?lr=timeout

Response headers

X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=93
Date
Fri, 25 Oct 2024 11:56:53 GMT
Content-Disposition
attachment
Content-Type
image/png
Cross-Origin-Embedder-Policy-Report-Only
require-corp; report-to default;
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=63072000; includeSubdomains
Content-Security-Policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Cache-Control
private, no-cache, no-store, must-revalidate, no-transform
Pragma
no-cache
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Referrer-Policy
same-origin
Permissions-Policy
accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); cross-origin-isolated=(self); display-capture=(self); document-domain=(self); encrypted-media=(self); execution-while-not-rendered=(self); execution-while-out-of-viewport=(self); fullscreen=(self); geolocation=(); gyroscope=(); keyboard-map=(self); magnetometer=(); microphone=(); midi=(); navigation-override=(); payment=(); picture-in-picture=(self); publickey-credentials-get=(); screen-wake-lock=(self); sync-xhr=(self); usb=(); web-share=(); xr-spatial-tracking=(); clipboard-read=(self); clipboard-write=(self); gamepad=(); speaker-selection=(self)
Cross-Origin-Opener-Policy-Report-Only
same-origin-allow-popups; report-to default;
Content-Length
948
X-XSS-Protection
1; mode=block
Server
Apache

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| Common object| bootstrap function| zxcvbn object| FontAwesomeConfig object| ___FONT_AWESOME___ object| FontAwesome object| cookieconsent object| Cookie object| Auth

1 Cookies

Domain/Path Name / Value
selfservice.bonita.de/ Name: _pusi
Value: ee9e4a1d7ca0724cac64625e4b97c956

3 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security error URL: https://selfservice.bonita.de/index.php?lr=timeout
Message:
The source list for the Content Security Policy directive 'media-src' contains an invalid source: ''self'. It will be ignored.
recommendation verbose URL: https://selfservice.bonita.de/index.php?lr=timeout
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self'; worker-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

selfservice.bonita.de
49.12.179.24
1108d9c16e258ebb7d76ca276f25feb22ea46f182455d7b8ed3cbd1507a19d48
14ea881055fd63ef07a234ed994de7b3f0df899012ae847825898dcd7a1c500c
22098889a3d150df9706ff90386764f183274d40903f5eee2ec97fef24e2c5b4
3ef7a29d94760ea6eeb4a25208510856b37cb260096897fd9b6a889d066b8d3a
41449100c4f22deb5fc2483603431bc9b4837e7792e56da165e52fb9654f031f
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
58be4535900cc859d0dbf03e8601a4fb47238953b9ecc4f07c5f6b12342377ef
5988da7cc58d67236660405746ba99dd1ec1a6972c263d8019aae65b4831ec9d
5f6368b4e2e166b04f4358ade813dd39e641a13a918cb35153d75e4c139c42eb
611042da155fc757f061c18f9047ca625d66936b00c7536fc039b5421b0c4b48
622ec1551394b09d724141edfc9313df69306355bc9a0f60a10b3b19e8629257
64bbd2b858f71e8f5375f8cb6416a0da6087c8805567fa4fb2637c761242880b
965beb1a26169767a7d009c4650302d17d0381faf398feb357f18d22200ce424
a517390497479538bf86236a795f90bd592320b57ff41bc6065c3009133f16d3
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
bd057d944e7835799bf6e5ef87bd0213e02dd446755326330b3c29b0c3c15bf1
c097a555c50b0707e29ce398d80e2571ad1612e0d773cc3afb3125d48978d6ba
ccd457c307bca56251b03af7bcba01d1cab32758d6ac8c6de5aefb8b33520348
de84c4140adfa63d331c59ff9f3ff2000d6bcf7dbd729f8265afb9d0abfd7359
e65c328c2b65e19d40691bb74ef85e36054a37b50b49e55c066215078ca5bcb4