urlscan.io logo urlscan.io
SecurityTrails logo

my.friday.app Open in urlscan Pro
65.9.69.95  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://my.fridayfeedback.com/
Effective URL: https://my.friday.app/
Submission: On May 26 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 2 countries across 14 domains to perform 45 HTTP transactions. The main IP is 65.9.69.95, located in United States and belongs to AMAZON-02, US. The main domain is my.friday.app.
TLS certificate: Issued by Amazon on July 14th 2020. Valid for: a year.
This is the only time my.friday.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    34.213.106.51 (Boardman, United States)

ASN16509 (AMAZON-02, US)
my.fridayfeedback.com
5    65.9.69.95 (United States)

ASN16509 (AMAZON-02, US)
my.friday.app
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
5    151.101.112.176 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
6    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.google.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    13.225.74.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-74-108.fra2.r.cloudfront.net
cdn.userleap.com
1    2600:9000:20eb:6800:e:a8c5:71c0:21 (United States)

ASN16509 (AMAZON-02, US)
d11nren7v6sgqv.cloudfront.net
2    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    35.201.81.77 (Kansas City, United States)

ASN15169 (GOOGLE, US)
api.rollbar.com
1    34.200.162.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
t.friday.app
4    34.225.60.149 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.userleap.com
4    13.224.99.113 (United States)

ASN16509 (AMAZON-02, US)
beacon-v2.helpscout.net
1    34.223.160.247 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-223-160-247.us-west-2.compute.amazonaws.com
m.stripe.com
4    13.226.156.186 (United States)

ASN16509 (AMAZON-02, US)
d3hb14vkzrxvla.cloudfront.net
1    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
1    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    3.219.14.214 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
beaconapi.helpscout.net
Domain Requested by
6 maps.google.com my.friday.app
maps.google.com
5 my.friday.app my.friday.app
4 d3hb14vkzrxvla.cloudfront.net cdnjs.cloudflare.com
4 beacon-v2.helpscout.net my.friday.app
beacon-v2.helpscout.net
4 api.userleap.com cdnjs.cloudflare.com
3 js.stripe.com my.friday.app
js.stripe.com
3 fonts.googleapis.com my.friday.app
2 beaconapi.helpscout.net cdnjs.cloudflare.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 api.rollbar.com cdnjs.cloudflare.com
1 fonts.gstatic.com fonts.googleapis.com
1 maps.googleapis.com maps.google.com
1 m.stripe.com m.stripe.network
1 t.friday.app my.friday.app
1 www.google-analytics.com my.friday.app
1 d11nren7v6sgqv.cloudfront.net my.friday.app
1 cdn.userleap.com my.friday.app
1 cdnjs.cloudflare.com my.friday.app
1 my.fridayfeedback.com 1 redirects
0 endpoint1.collection.us2.sumologic.com Failed cdnjs.cloudflare.com
45 20

This site contains no links.

Subject Issuer Validity Valid
fridayfeedback.com
Amazon		 2020-07-14 -
2021-08-14		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-05-03 -
2021-07-26		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2021-04-14 -
2021-08-04		 4 months crt.sh
*.google.com
GTS CA 1O1		 2021-05-03 -
2021-07-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
userleap.com
Amazon		 2020-12-09 -
2022-01-07		 a year crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2021-02-22 -
2022-02-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-05-03 -
2021-07-26		 3 months crt.sh
api.rollbar.com
DigiCert SHA2 Secure Server CA		 2020-07-13 -
2022-07-27		 2 years crt.sh
*.helpscout.net
Amazon		 2021-04-25 -
2022-05-24		 a year crt.sh
*.userleap.com
Amazon		 2021-03-01 -
2022-03-30		 a year crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-04-16 -
2021-08-04		 4 months crt.sh

This page contains 4 frames:

Primary Page: https://my.friday.app/
Frame ID: 76228685D9A60BC0D9329B212B737630
Requests: 33 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
Frame ID: CA378B5FE8EEA032FDAA70253959A4C8
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 4D5CEB35430CB829E8210D9B00E38450
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Barlow:500&display=swap
Frame ID: 6381A226807A44CCE272ECB46B4748F9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://my.fridayfeedback.com/ HTTP 301
    http://my.friday.app/ HTTP 307
    https://my.friday.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Page Statistics

45
Requests

96 %
HTTPS

42 %
IPv6

14
Domains

20
Subdomains

19
IPs

2
Countries

2902 kB
Transfer

10459 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://my.fridayfeedback.com/ HTTP 301
    http://my.friday.app/ HTTP 307
    https://my.friday.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
my.friday.app/
Redirect Chain
  • https://my.fridayfeedback.com/
  • http://my.friday.app/
  • https://my.friday.app/
12 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.69.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f97053df4100c59ec5a148004060de16cd54b89129380e21a3c4d5c4f058804
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
my.friday.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html
last-modified
Wed, 26 May 2021 14:56:35 GMT
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
referrer-policy
same-origin
content-encoding
gzip
date
Wed, 26 May 2021 18:26:45 GMT
cache-control
max-age=3600
etag
W/"a07b221709d8e6a28b2ee93ee7652754"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
a3UfephdIhYupXsvGnX4fB-7iFgbsDNFCWpAeinOfbIjIadgxrNHCg==

Redirect headers

Location
https://my.friday.app/
Non-Authoritative-Reason
HSTS
icon
fonts.googleapis.com/ 		568 B
461 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
08c8a6b9d55c71f4802ed4d7fc8ea16fd67585c92d74e488076fed2ef0907f01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 26 May 2021 18:26:45 GMT
server
ESF
date
Wed, 26 May 2021 18:26:45 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 May 2021 18:26:45 GMT
/
js.stripe.com/v3/ 		237 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7119fd70f6d0d56dfe45d1d70523f07c1484c738e714d60e2f117da5730609d
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:45 GMT
content-encoding
br
vary
Accept-Encoding
age
158
via
1.1 varnish
x-cache
HIT
content-length
56215
x-amz-id-2
Rt+OCHTsU/FpymKGzyZ+f7+uKePt3xXEF6pg1PAVb8FUWUUYA1iGS7S7f8U0QMj/rd/2RURovpw=
x-served-by
cache-hhn4067-HHN
timing-allow-origin
*
last-modified
Tue, 25 May 2021 19:52:45 GMT
server
AmazonS3
etag
"ad1b1b4211b7650cbfc7ca6be4f60286"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
90DZV26X4A2PCJ5E
access-control-allow-origin
*
cache-control
public, max-age=300
content-security-policy
connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
210
js
maps.google.com/maps/api/ 		135 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
89b21c11fc01417923e2f25c3f5a17c0b2bf21cde9f6a30281cc2f68f9ace61d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:45 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=18
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45025
x-xss-protection
0
expires
Wed, 26 May 2021 18:56:45 GMT
2.7647abd0.chunk.css
my.friday.app/static/css/ 		61 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/css/2.7647abd0.chunk.css
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.69.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b74e9d952887788ab7ea602cfa09e0f65506364079bd48f46f0b5e43664758ed
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/static/css/2.7647abd0.chunk.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
my.friday.app
referer
https://my.friday.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-C1
x-cache
RefreshHit from cloudfront
date
Wed, 26 May 2021 18:26:46 GMT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 26 May 2021 14:56:35 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"677db9729bde991211e4dad54cd2f7ef"
vary
Accept-Encoding
content-type
text/css
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-id
Mitp_dG3UKdaPmkB-Nh9OmrME2H1xJOJOeeav_fb3DdIzsSP1Douuw==
main.434e3deb.chunk.css
my.friday.app/static/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/css/main.434e3deb.chunk.css
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.69.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac1628de43e66fdd8eec80e94ab633f4539a7bede531bf172b2348a61bf1c12c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/static/css/main.434e3deb.chunk.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
my.friday.app
referer
https://my.friday.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-C1
x-cache
RefreshHit from cloudfront
date
Wed, 26 May 2021 18:26:46 GMT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 26 May 2021 14:56:35 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"e9abccdce26dfacf62580fb4e9039372"
vary
Accept-Encoding
content-type
text/css
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-id
WcgOO-B5Vm87a7e6lfGSrKze1lFJpBbFLNKAsrkC6ZtM-vMEUHoa1w==
2.0d8f90b4.chunk.js
my.friday.app/static/js/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/js/2.0d8f90b4.chunk.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.69.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01f61f3f04a6728122776b54842bfc66ec9c66f78fa436ca547cda1ae3e7ad1d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/static/js/2.0d8f90b4.chunk.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
my.friday.app
referer
https://my.friday.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
795
x-cache
Hit from cloudfront
date
Wed, 26 May 2021 18:13:31 GMT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 26 May 2021 14:56:36 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"9436e92c8b434ba95590a8fabca6c963"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
69RIAEv8BibEOJ4etVEnbewMb7L5lYeYcjq5dbRIFhe4lo1j_dyl1g==
main.cf2d5a2a.chunk.js
my.friday.app/static/js/ 		2 MB
422 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.friday.app/static/js/main.cf2d5a2a.chunk.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.69.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9e45e5a26a5136ef24a418335f0e712b851f2956be05c46a03bab97bb8b8916a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:path
/static/js/main.cf2d5a2a.chunk.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
my.friday.app
referer
https://my.friday.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://my.friday.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-C1
x-cache
Hit from cloudfront
date
Wed, 26 May 2021 18:26:45 GMT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 26 May 2021 14:56:36 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"45d24fa8e254f8eacd2d3d039fae0165"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
x-amz-cf-id
SIQLDfi7LdZjIYuQA7_KtsY35fh2vkoYg4v6PZPL36v2l0TPlAazcg==
rollbar.min.js
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/ 		73 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
976276e6b8e6b093abfe1a756a4efec5b0faec3710523c28ddaeff6a0dd6ec0a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://my.friday.app
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
564602
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19937
cf-request-id
0a4b86e7010000073e5c8f2000000001
timing-allow-origin
*
last-modified
Fri, 24 Jul 2020 00:32:32 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f1a2c20-1247c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JofUOiqMDJmN9ne0H040eWtBq7PrpSHD5aqWS4fXhOVEnnqGkBzsaanLdDfEIg%2BHuCd5WQh7GEqzSHFOxN2Y6YLdvuFgkis6hG3ZeljSH1we%2BrQP88loqCU%2BJh3mZ7CiuNgaAI2pkon4Vt6BLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
65590db80d7b073e-FRA
expires
Mon, 16 May 2022 18:26:45 GMT
shim.js
cdn.userleap.com/ 		190 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.userleap.com/shim.js?id=gbcITUYidA
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.74.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-74-108.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
160c7a3aed5254b183593c9aa097053bf4400635772f775dd301000d09fbff32

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
rtFLDZfvgl9A9L8rO9aZbFmqR_BBckiL
via
1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
last-modified
Fri, 14 May 2021 21:47:39 GMT
server
AmazonS3
age
9192
etag
"bdb41db98dd38f3b512ce5d708f3c027"
x-cache
Hit from cloudfront
content-type
application/octet-stream
date
Wed, 26 May 2021 15:53:33 GMT
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
194825
x-amz-cf-id
0-FUf4EOm2XUL9a2CNmoGRkBR1LGqhxPHcP4gE8Ks3VjoVjDDQdwYQ==
t_2_11_0.js
d11nren7v6sgqv.cloudfront.net/ 		97 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d11nren7v6sgqv.cloudfront.net/t_2_11_0.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6800:e:a8c5:71c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9cdc0eac8b82e4eddf8307971b97ff9677ac0321eac6e03c38d4a0382c57519a

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:46 GMT
via
1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
last-modified
Wed, 16 Oct 2019 23:29:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"72fa886655afeaa0fa20003e48d4111c"
x-cache
RefreshHit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
98838
x-amz-cf-id
OsRKkj5XdARrc9fG_wSN2hyUaqctF5NBNlu10pFpD7vClhTPTCKWUQ==
css
fonts.googleapis.com/ 		4 KB
514 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=DM+Sans:400,400i,500,500i,700,700i&display=swap
Requested by
Host: my.friday.app
URL: https://my.friday.app/static/css/main.434e3deb.chunk.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
13749f5c9699919bdb871c3d5084a838e1aa64867a65e3ab58d87e4401c2c0da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 26 May 2021 18:26:45 GMT
server
ESF
date
Wed, 26 May 2021 18:26:45 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 May 2021 18:26:45 GMT
common.js
maps.google.com/maps-api-v3/api/js/44/14/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/44/14/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77f8a961ed1253a7428ca62e45a4994ae634baf5471d1b9781346f5e23f88851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:19:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 18:12:22 GMT
server
sffe
age
4052
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31670
x-xss-protection
0
expires
Thu, 26 May 2022 17:19:13 GMT
util.js
maps.google.com/maps-api-v3/api/js/44/14/ 		280 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/44/14/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f9ac1030db5051a8f8d0566d8ba8b691a13f318d42f6de2568b372d47a831b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:19:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 18:12:22 GMT
server
sffe
age
4050
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87588
x-xss-protection
0
expires
Thu, 26 May 2022 17:19:15 GMT
controls.js
maps.google.com/maps-api-v3/api/js/44/14/ 		90 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/44/14/controls.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f62597761d6440800c5e7dd82856c8df95fed32a87eeda64343630f40f2020da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:19:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 18:12:22 GMT
server
sffe
age
4037
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27690
x-xss-protection
0
expires
Thu, 26 May 2022 17:19:28 GMT
places_impl.js
maps.google.com/maps-api-v3/api/js/44/14/ 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/44/14/places_impl.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a2f7e65c082e5eac2bad3c1106a6c1391259dab235aad860cd6a824177c8c7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:27:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 18:12:22 GMT
server
sffe
age
3527
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16909
x-xss-protection
0
expires
Thu, 26 May 2022 17:27:58 GMT
geocoder.js
maps.google.com/maps-api-v3/api/js/44/14/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/44/14/geocoder.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae9771f1890bf2b4532a62f59f5dab4296894bbdea320ba7b4d5f1d5d07f3576
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:23:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 18:12:22 GMT
server
sffe
age
3786
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1343
x-xss-protection
0
expires
Thu, 26 May 2022 17:23:39 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: my.friday.app
URL: https://my.friday.app/static/js/2.0d8f90b4.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
3410
date
Wed, 26 May 2021 17:29:56 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Wed, 26 May 2021 19:29:56 GMT
/
api.rollbar.com/api/1/item/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Protocol
H2
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-rollbar-access-token
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.17.9
date
Wed, 26 May 2021 18:26:46 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers
content-type,x-rollbar-access-token
x-response-time
0ms
via
1.1 google
alt-svc
clear
/
api.rollbar.com/api/1/item/ 		100 B
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
bc9e27b51b8e09aa8eb934730f0f1e125c8aad0da7d4482627a3fc1761288109

Request headers

X-Rollbar-Access-Token
c39d27ff93bb45c09bdf36404a811863
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

x-response-time
183ms
date
Wed, 26 May 2021 18:26:46 GMT
via
1.1 google
server
nginx/1.17.9
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
content-length
100
truncated
/ 		38 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/webp
123fe17a-af18-48f9-bffe-c364b3cf72fc
https://my.friday.app/ 		7 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://my.friday.app/123fe17a-af18-48f9-bffe-c364b3cf72fc
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af583950ecdcf9f580e591a637dff4309cf31bb911fb6f36c8d9846052d75fed

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
7667
m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
js.stripe.com/v3/ Frame CA37 		215 B
532 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
177b03c6d80b7ba81412d538c1dbd74ba27c933a2cd8be0f802236e9f796d42e
Security Headers
Name Value
Content-Security-Policy connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v3/m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-id-2
xxyuoGHP5u0HOJCa4BUN2lHtiEypUxdTnHbKkcti4r7e/b/aQLjNPbRpXddH6T+WqeMsn54w1ZI=
x-amz-request-id
HA1X66R2VCJ7D9CP
last-modified
Wed, 19 May 2021 22:00:34 GMT
etag
"257db74dfc4594d2bb652dc7b646dbc5"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
br
accept-ranges
bytes
date
Wed, 26 May 2021 18:26:46 GMT
via
1.1 varnish
age
160
x-served-by
cache-hhn4067-HHN
x-cache
HIT
x-cache-hits
473
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-security-policy
connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
content-length
129
i
t.friday.app/ 		43 B
666 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.friday.app/i?stm=1622053606402&e=pv&url=https%3A%2F%2Fmy.friday.app%2F&page=Friday&tv=js-2.11.0&tna=cf&aid=site&p=web&tz=Europe%2FBerlin&lang=en-US&cs=UTF-8&res=1600x1200&cd=24&cookie=1&eid=cae4d230-39f6-4793-912d-3e1b02a33021&dtm=1622053606400&vp=1600x1200&ds=1600x1200&vid=1&sid=03d24320-695f-493f-b1d3-8cbe3f005de2&duid=512d42e5-4b63-456c-ad34-e13f37c9a51a&fp=1072425006&cx=eyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy9jb250ZXh0cy9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6W3sic2NoZW1hIjoiaWdsdTpjb20uZ29vZ2xlLmFuYWx5dGljcy9jb29raWVzL2pzb25zY2hlbWEvMS0wLTAiLCJkYXRhIjp7fX0seyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy93ZWJfcGFnZS9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6eyJpZCI6Ijg4Y2VlYWUzLTZjODctNDJmNi1iNDgwLTBjYThlYTE0MDRmMiJ9fSx7InNjaGVtYSI6ImlnbHU6b3JnLnczL1BlcmZvcm1hbmNlVGltaW5nL2pzb25zY2hlbWEvMS0wLTAiLCJkYXRhIjp7Im5hdmlnYXRpb25TdGFydCI6MTYyMjA1MzYwMzk5NiwidW5sb2FkRXZlbnRTdGFydCI6MCwidW5sb2FkRXZlbnRFbmQiOjAsInJlZGlyZWN0U3RhcnQiOjAsInJlZGlyZWN0RW5kIjowLCJmZXRjaFN0YXJ0IjoxNjIyMDUzNjA0NjI2LCJkb21haW5Mb29rdXBTdGFydCI6MTYyMjA1MzYwNDYyNywiZG9tYWluTG9va3VwRW5kIjoxNjIyMDUzNjA0NjcyLCJjb25uZWN0U3RhcnQiOjE2MjIwNTM2MDQ2NzIsImNvbm5lY3RFbmQiOjE2MjIwNTM2MDQ3NzAsInNlY3VyZUNvbm5lY3Rpb25TdGFydCI6MTYyMjA1MzYwNDY5MCwicmVxdWVzdFN0YXJ0IjoxNjIyMDUzNjA0NzcwLCJyZXNwb25zZVN0YXJ0IjoxNjIyMDUzNjA1MDQwLCJyZXNwb25zZUVuZCI6MTYyMjA1MzYwNTA0MSwiZG9tTG9hZGluZyI6MTYyMjA1MzYwNTA0NSwiZG9tSW50ZXJhY3RpdmUiOjE2MjIwNTM2MDYzODQsImRvbUNvbnRlbnRMb2FkZWRFdmVudFN0YXJ0IjoxNjIyMDUzNjA2Mzg0LCJkb21Db250ZW50TG9hZGVkRXZlbnRFbmQiOjE2MjIwNTM2MDYzODYsImRvbUNvbXBsZXRlIjowLCJsb2FkRXZlbnRTdGFydCI6MCwibG9hZEV2ZW50RW5kIjowfX1dfQ
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.162.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
akka-http/10.0.9 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 26 May 2021 18:26:46 GMT
access-control-allow-credentials
true
server
akka-http/10.0.9
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length
43
content-type
image/gif
m-outer-b07c750376b94b0da646edc72e01a46a.js
js.stripe.com/v3/fingerprinted/js/ Frame CA37 		1 KB
831 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-b07c750376b94b0da646edc72e01a46a.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45d29ba161d1bd7045e4061c1f010e9e427c2b7187f35f43f4ea77168fda261c
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://js.stripe.com/v3/m-outer-257db74dfc4594d2bb652dc7b646dbc5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:46 GMT
content-encoding
br
vary
Accept-Encoding
age
165
via
1.1 varnish
x-cache
HIT
content-length
630
x-amz-id-2
rILLDFWyMc4VA5Kb1XLmb806371uMYFuJdocNM0S44IcYX0xI4aKEuUUYS5proo04qxj63e5Vig=
x-served-by
cache-hhn4067-HHN
timing-allow-origin
*
last-modified
Wed, 19 May 2021 22:00:35 GMT
server
AmazonS3
etag
"ae48007340e7711406d5c8c60a6c92fe"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
0XJTJ07EXTVMSCTT
access-control-allow-origin
*
cache-control
public, max-age=300
content-security-policy
connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
464
inner.html
m.stripe.network/ Frame 4D5C 		932 B
984 B 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-b07c750376b94b0da646edc72e01a46a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com https://stripensrq.global.ssl.fastly.net/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
m.stripe.network
:scheme
https
:path
/inner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://js.stripe.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://js.stripe.com/

Response headers

server
nginx
content-type
text/html; charset=utf-8
last-modified
Thu, 20 May 2021 17:57:41 GMT
etag
W/"60a6a315-3a4"
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
public, max-age=300
timing-allow-origin
*
content-security-policy
default-src 'self'; connect-src 'self' https://m.stripe.com https://stripensrq.global.ssl.fastly.net/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
date
Wed, 26 May 2021 18:26:46 GMT
age
186
x-served-by
cache-sea4448-SEA, cache-hhn4067-HHN
x-cache
HIT, HIT
x-cache-hits
4, 618
x-timer
S1622053606.488173,VS0,VE0
vary
Accept-Encoding
content-length
537
out-4.5.35.js
m.stripe.network/ Frame 4D5C 		85 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.35.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com https://stripensrq.global.ssl.fastly.net/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
etag
W/"60a6a315-153a9"
age
14
x-cache
HIT, HIT
content-length
18319
x-served-by
cache-sea4422-SEA, cache-hhn4067-HHN
last-modified
Thu, 20 May 2021 17:57:41 GMT
server
nginx
x-timer
S1622053607.524769,VS0,VE0
date
Wed, 26 May 2021 18:26:46 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=300
content-security-policy
default-src 'self'; connect-src 'self' https://m.stripe.com https://stripensrq.global.ssl.fastly.net/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1, 66
config
api.userleap.com/1/environments/gbcITUYidA/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.userleap.com/1/environments/gbcITUYidA/config
Protocol
H2
Server
34.225.60.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type,userleap-platform,x-ul-environment,x-ul-sdk-version
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
ratelimit-remaining
99952
ratelimit-reset
1
x-ratelimit-remaining-second
99952
x-ratelimit-limit-second
100000
ratelimit-limit
100000
x-request-id
4a6bc8e5-347d-420e-ba9d-e840c4e69420
timing-allow-origin
https://app.userleap.com, https://app-staging.userleap.com
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
content-type,userleap-platform,x-ul-environment,x-ul-sdk-version
access-control-expose-headers
Content-Disposition
x-kong-upstream-latency
1
x-kong-proxy-latency
1
via
kong/2.4.0
/
beacon-v2.helpscout.net/ 		293 B
619 B 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.99.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea594a20d5ce8f553d4b8dac3aba52c95c793e43af079fa48d5a0642240d3a55

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 18:26:32 GMT
content-encoding
gzip
last-modified
Fri, 21 May 2021 09:07:05 GMT
server
AmazonS3
age
14
etag
"a777fa00cb9db516db5c0eb7f7b99ebe"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control
max-age=120, s-maxage=120, public
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-length
243
x-amz-cf-id
ntHiftPl9Ntsx7IsJGKEYjeaEzRo0z32U-BmaqwlUW90pQf7k5mWRQ==
config
api.userleap.com/1/environments/gbcITUYidA/ 		443 B
873 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.userleap.com/1/environments/gbcITUYidA/config
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.60.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f9db204346ae221c956981f73044a264b7bde34cbc0853a1f4a310758fd75b2d

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
x-ul-environment
gbcITUYidA
x-ul-sdk-version
1.12.1
UserLeap-Platform
web
Content-Type
application/json

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
via
kong/2.4.0
x-ratelimit-limit-second
100000
ratelimit-reset
1
x-ratelimit-remaining-second
99757
x-kong-proxy-latency
1
x-kong-upstream-latency
13
ratelimit-limit
100000
content-length
443
x-request-id
e0824737-e30f-4c7f-ad1a-b99c5883bbb8
etag
W/"1bb-YRkTS3ufhxdd/kUF6ZS5uEPsTq8"
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Disposition
timing-allow-origin
https://app.userleap.com, https://app-staging.userleap.com
ratelimit-remaining
99757
6
m.stripe.com/ Frame 4D5C 		156 B
516 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.160.247 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-223-160-247.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
3604e3ec81f7c6eae67be88efc80ff6ce5b5661e6003736184bb602e4de85d79
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 26 May 2021 18:26:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type
vendor.a9bc9a1f.js
beacon-v2.helpscout.net/static/js/ 		808 KB
198 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/static/js/vendor.a9bc9a1f.js
Requested by
Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.99.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5f20f96b5712d6c8c32efdd64790602e6bd8aeef4c72c6a7943197fc9e3e0a57

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:07:18 GMT
content-encoding
gzip
last-modified
Fri, 21 May 2021 09:07:06 GMT
server
AmazonS3
age
4775
etag
"81689fedd1a5cebe2c9d906ec2459682"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control
max-age=315360000, s-maxage=7200, public
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-length
202294
x-amz-cf-id
WRlkWBmlMl6uy-6zO13eLwgTDSQG1MwrnAAQ2h-8WTQT6eDVtRyMKQ==
main.1835c942.js
beacon-v2.helpscout.net/static/js/ 		350 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/static/js/main.1835c942.js
Requested by
Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.99.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3ef21bd399af4ca6d25b4719ee89bedc39d60751ba04c54c4a4f2752e7738d2e

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:07:15 GMT
content-encoding
gzip
last-modified
Fri, 21 May 2021 09:07:06 GMT
server
AmazonS3
age
4775
etag
"58254d39ace077b29883d9ec8ab24679"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control
max-age=315360000, s-maxage=7200, public
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-length
74693
x-amz-cf-id
_j0I7p_rN-PzT0CcdYXF48cQmde3E5gwsq6R5sw53xUWDJGXYjWgbQ==
e58ed224-f22d-43af-b700-204812e1f325
d3hb14vkzrxvla.cloudfront.net/v1/ 		7 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.156.186 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d1b7d7b9de290bf273b4c6e674a32c119035c72512e924956fe2c0c9289fadda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

correlationId
37841cef-b5f4-4c3b-bd8b-280e12d298c3
Accept
application/json, text/plain, */*
Referer
Helpscout-Release
2.1.86
Beacon-Device-ID
5cec5653-f24e-4577-a1c0-ef01ee4df419
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Helpscout-Origin
Beacon-Embed

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
via
1.1 4ecd74dda94d7576e134fcdf16df8129.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-ratelimit-remaining-general-minute
150
x-cache
Miss from cloudfront
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-conversations-hour
25
vary
Origin,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour
25
access-control-allow-origin
https://my.friday.app
access-control-expose-headers
Resource-ID
cache-control
max-age=300
access-control-allow-credentials
true
content-type
application/json
x-amz-cf-id
9uz_7tHaW5ohmymypIvlSAKhOKSm2FEqDVkV7Is8a8Od3m6H0GuhAQ==
x-ratelimit-limit-attachments-hour
25
x-ratelimit-limit-chat-tokens-hour
50
e58ed224-f22d-43af-b700-204812e1f325
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325
Protocol
H2
Server
13.226.156.186 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Wed, 26 May 2021 18:26:47 GMT
access-control-allow-origin
https://my.friday.app
access-control-allow-methods
GET
access-control-allow-headers
beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-credentials
true
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour
25
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-chat-tokens-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-general-minute
150
x-ratelimit-limit-attachments-hour
25
x-ratelimit-remaining-attachments-hour
25
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin,Access-Control-Request-Method
x-cache
Miss from cloudfront
via
1.1 4ecd74dda94d7576e134fcdf16df8129.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
tmg8NzUFlbMQLw7dqoNUIjBa3b7ZGN9fRsiQaiK18yo8CgzinaZoTw==
visitors
api.userleap.com/1/environments/gbcITUYidA/ 		244 B
672 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.userleap.com/1/environments/gbcITUYidA/visitors
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.60.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f705c030949cbf5f15dd891b5b90feaa961497450239c4bbeb109bf7a4942af4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
x-ul-environment
gbcITUYidA
x-ul-sdk-version
1.12.1
UserLeap-Platform
web
Content-Type
application/json

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
via
kong/2.4.0
x-ratelimit-limit-second
100000
ratelimit-reset
1
x-ratelimit-remaining-second
99364
x-kong-proxy-latency
0
x-kong-upstream-latency
16
ratelimit-limit
100000
content-length
244
x-request-id
f789aa30-345e-4a07-87b1-b99e5fd11903
etag
W/"f4-d4lJBMdLBh19e8WsJMh0uRHboYI"
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Disposition
timing-allow-origin
https://app.userleap.com, https://app-staging.userleap.com
ratelimit-remaining
99364
visitors
api.userleap.com/1/environments/gbcITUYidA/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.userleap.com/1/environments/gbcITUYidA/visitors
Protocol
H2
Server
34.225.60.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,userleap-platform,x-ul-environment,x-ul-sdk-version
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
x-ratelimit-remaining-second
99505
x-ratelimit-limit-second
100000
ratelimit-limit
100000
ratelimit-remaining
99505
ratelimit-reset
1
x-request-id
cf1381f3-1860-4feb-a581-6913ccc5bb59
timing-allow-origin
https://app.userleap.com, https://app-staging.userleap.com
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
content-type,userleap-platform,x-ul-environment,x-ul-sdk-version
access-control-expose-headers
Content-Disposition
x-kong-upstream-latency
3
x-kong-proxy-latency
1
via
kong/2.4.0
agents
d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/ 		245 B
963 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/agents
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.156.186 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12778274fa6e534a8eedb25279fac9dac654d0617cebd83d09b05883e97a00a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

correlationId
6fa41699-9925-4fda-a694-228a0e928302
Accept
application/json, text/plain, */*
Referer
Helpscout-Release
2.1.86
Beacon-Device-ID
5cec5653-f24e-4577-a1c0-ef01ee4df419
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Helpscout-Origin
Beacon-Embed

Response headers

date
Wed, 26 May 2021 18:26:47 GMT
via
1.1 4ecd74dda94d7576e134fcdf16df8129.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-ratelimit-remaining-general-minute
150
x-cache
Miss from cloudfront
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-conversations-hour
25
vary
Origin,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour
25
access-control-allow-origin
https://my.friday.app
access-control-expose-headers
Resource-ID
cache-control
max-age=600
access-control-allow-credentials
true
content-type
application/json
x-amz-cf-id
4gxVNSnhrwowPBsNbMkgUuqTm4mtZ6q5aWKvhdRXUdxfFf1rrnWVfg==
x-ratelimit-limit-attachments-hour
25
x-ratelimit-limit-chat-tokens-hour
50
agents
d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://d3hb14vkzrxvla.cloudfront.net/v1/e58ed224-f22d-43af-b700-204812e1f325/agents
Protocol
H2
Server
13.226.156.186 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Wed, 26 May 2021 18:26:47 GMT
access-control-allow-origin
https://my.friday.app
access-control-allow-methods
GET
access-control-allow-headers
beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-expose-headers
Resource-ID
access-control-allow-credentials
true
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour
25
x-ratelimit-remaining-conversations-hour
25
x-ratelimit-limit-identify-hour
50
x-ratelimit-remaining-identify-hour
50
x-ratelimit-limit-chat-tokens-hour
50
x-ratelimit-remaining-chat-tokens-hour
50
x-ratelimit-limit-general-minute
150
x-ratelimit-remaining-general-minute
150
x-ratelimit-limit-attachments-hour
25
x-ratelimit-remaining-attachments-hour
25
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin,Access-Control-Request-Method
x-cache
Miss from cloudfront
via
1.1 4ecd74dda94d7576e134fcdf16df8129.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
gE4grcnqLUcldn2la80HbJo4zm1Dtj5yvY1Khw8B49VtSVwu29k6Sg==
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ 		62 B
207 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fmy.friday.app%2F&4sAIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&callback=_xdc_._nb9dk9&key=AIzaSyAaXMfdByWHE4AZrgcFaEvftmVIQserzGQ&token=109073
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/44/14/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
1c585399d93b641847ac1b330ecab684e12e1c1f93d4b6860da091f7aae66074
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 May 2021 18:26:50 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=30
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame 6381 		1 KB
426 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Barlow:500&display=swap
Requested by
Host: my.friday.app
URL: https://my.friday.app/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2056937c6ec7a210cbd8a72cb8e97acbaad99455a8ce48e9b16d7c42d62cbdc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 26 May 2021 18:12:22 GMT
server
ESF
date
Wed, 26 May 2021 18:26:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 May 2021 18:26:55 GMT
notifications.008239e6.chunk.js
beacon-v2.helpscout.net/static/js/ 		131 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon-v2.helpscout.net/static/js/notifications.008239e6.chunk.js
Requested by
Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/static/js/vendor.a9bc9a1f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.99.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf053390f39d9597ef297cb6b182f1aecc17608ac25f56e96750f8d40fdee881

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 26 May 2021 17:11:50 GMT
content-encoding
gzip
last-modified
Fri, 21 May 2021 09:07:06 GMT
server
AmazonS3
age
4537
etag
"256d023e99c7d7317b96ee15a91e6968"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control
max-age=315360000, s-maxage=7200, public
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-length
25297
x-amz-cf-id
sGGgiDspg1iX_HmjjRvvP8QgADiaa3Lrzx93SxEd1Y9CfSOF2DIGmQ==
7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/ Frame 6381 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:500&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://my.friday.app
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 25 May 2021 23:17:20 GMT
x-content-type-options
nosniff
last-modified
Thu, 10 Sep 2020 17:07:49 GMT
server
sffe
age
68975
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20348
x-xss-protection
0
expires
Wed, 25 May 2022 23:17:20 GMT
events
beaconapi.helpscout.net/v1/e58ed224-f22d-43af-b700-204812e1f325/messages/e361158a-1935-4c68-91c3-1333065854a1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://beaconapi.helpscout.net/v1/e58ed224-f22d-43af-b700-204812e1f325/messages/e361158a-1935-4c68-91c3-1333065854a1/events
Protocol
H2
Server
3.219.14.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
beacon-device-id,content-type,correlationid,helpscout-origin,helpscout-release
Origin
https://my.friday.app
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 26 May 2021 18:26:55 GMT
content-length
0
x-ratelimit-remaining-minute
299
x-ratelimit-limit-minute
300
ratelimit-remaining
299
ratelimit-limit
300
ratelimit-reset
5
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-origin
https://my.friday.app
access-control-allow-methods
POST
access-control-allow-headers
beacon-device-id, content-type, correlationid, helpscout-origin, helpscout-release
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
events
beaconapi.helpscout.net/v1/e58ed224-f22d-43af-b700-204812e1f325/messages/e361158a-1935-4c68-91c3-1333065854a1/ 		0
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://beaconapi.helpscout.net/v1/e58ed224-f22d-43af-b700-204812e1f325/messages/e361158a-1935-4c68-91c3-1333065854a1/events
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.219.14.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

correlationId
fc36526c-9a8a-4186-a3d7-9afee4d9e64a
Helpscout-Release
2.1.86
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
Beacon-Device-ID
5cec5653-f24e-4577-a1c0-ef01ee4df419
Helpscout-Origin
Beacon-Embed

Response headers

date
Wed, 26 May 2021 18:26:56 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ratelimit-reset
4
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-origin
https://my.friday.app
access-control-allow-credentials
true
x-ratelimit-remaining-minute
298
ratelimit-limit
300
ratelimit-remaining
298
content-length
0
x-ratelimit-limit-minute
300
ZaVnC4dhaV0oCnAGiIN3ha-1ReTFUmYQKEeuU1KfmmWiyiPmKlUCXWx21t8eZ5Qa3ZQ-73kqVT1OU8skHKZRb7KRrp4nhOnFPxUcOnIShyQTcFKVsEogqg==
endpoint1.collection.us2.sumologic.com/receiver/v1/http/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
endpoint1.collection.us2.sumologic.com
URL
https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV0oCnAGiIN3ha-1ReTFUmYQKEeuU1KfmmWiyiPmKlUCXWx21t8eZ5Qa3ZQ-73kqVT1OU8skHKZRb7KRrp4nhOnFPxUcOnIShyQTcFKVsEogqg==

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| Beacon object| google object| module$exports$mapsapi$util$event object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| _rollbarConfig object| _rollbarShims object| _rollbarWrappedError function| _rollbarURH object| Rollbar function| rollbar function| UserLeap function| setCookie function| getCookie object| GlobalSnowplowNamespace function| snowplow number| _rollbarStartTime boolean| _rollbarDidLoad boolean| _rollbarInitialized object| regeneratorRuntime function| setImmediate function| clearImmediate object| __webpackStripeJSv3Jsonp function| Stripe object| webpackJsonp object| __APOLLO_CLIENT__ object| filestackInternals object| __SENTRY__ object| core number| 2f1acc6c3a606b082e5eef5e54414ffb string| GoogleAnalyticsObject function| ga function| _typeof object| Snowplow object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| beaconJsonp object| HSDSPortalWrapperGlobalManager function| __onBeaconDestroy object| beaconStore object| _xdc_

8 Cookies

Domain/Path Name / Value
.my.friday.app/ Name: __stripe_mid
Value: 005f899f-cc24-4c94-87d9-f11d5cdd3f99dcf262
.friday.app/ Name: sp-nuid
Value: f236c86d-6d3f-48a3-8580-da49e4132b39
.my.friday.app/ Name: __stripe_sid
Value: 3049128f-fbc7-41fd-b0b4-dd8572a628538447e2
my.friday.app/ Name: snowplowFingerprint
Value: 1072425006
.friday.app/ Name: _gid
Value: GA1.2.1970334164.1622053606
.friday.app/ Name: _sp_id.3abc
Value: 512d42e5-4b63-456c-ad34-e13f37c9a51a.1622053606.1.1622053606.1622053606.03d24320-695f-493f-b1d3-8cbe3f005de2
.friday.app/ Name: _ga
Value: GA1.2.1469806041.1622053606
.friday.app/ Name: _sp_ses.3abc
Value: *

1 Console Messages

Source Level URL
Text
console-api error URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.19.0/rollbar.min.js(Line 1)
Message:
TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; img-src * data: blob:; connect-src 'self' https://*.videoask.com/ https://api-js.mixpanel.com/ wss://ws.inspectlet.com/ https://stats.g.doubleclick.net https://api.jam.dev/ https://*.onesignal.com/ https://onesignal.com/ https://api.openweathermap.org/ https://www.google-analytics.com https://*.googleapis.com https://*.inspectlet.com https://*.friday.app https://*.cloudfront.net https://api.rollbar.com https://api.trello.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://api.giphy.com https://api.github.com https://gitlab.com https://*.helpscout.net https://*.filestackapi.com https://api.userleap.com https://friday-marketing.cdn.prismic.io https://*.joinspace.co https://api.mapbox.com; script-src 'self' 'unsafe-inline' https://www.videoask.com/ https://jam.dev/ https://onesignal.com https://*.onesignal.com/ https://apis.google.com https://js.stripe.com https://maps.google.com https://maps.googleapis.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.inspectlet.com https://www.google-analytics.com https://cdn.headwayapp.co https://static.filestackapi.com https://canny.io https://cdn.userleap.com https://*.joinspace.co; media-src 'self' https://media.videoask.com https://*.filestackcontent.com https://*.filestackapi.com; style-src 'self' 'unsafe-inline' https://onesignal.com https://fonts.googleapis.com https://static.filestackapi.com https://cdn.headwayapp.co https://*.joinspace.co; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors *; frame-src 'self' https://www.videoask.com/ https://onesignal.com/ https://accounts.google.com https://content.googleapis.com https://js.stripe.com https://headway-widget.net https://widget.canny.io https://*.youtube.com https://*.loom.com https://*.spotify.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rollbar.com
api.userleap.com
beacon-v2.helpscout.net
beaconapi.helpscout.net
cdn.userleap.com
cdnjs.cloudflare.com
d11nren7v6sgqv.cloudfront.net
d3hb14vkzrxvla.cloudfront.net
endpoint1.collection.us2.sumologic.com
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.google.com
maps.googleapis.com
my.friday.app
my.fridayfeedback.com
t.friday.app
www.google-analytics.com
endpoint1.collection.us2.sumologic.com
13.224.99.113
13.225.74.108
13.226.156.186
151.101.112.176
2600:9000:20eb:6800:e:a8c5:71c0:21
2606:4700::6810:125e
2a00:1450:4001:800::200a
2a00:1450:4001:802::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:830::200e
3.219.14.214
34.200.162.142
34.213.106.51
34.223.160.247
34.225.60.149
35.201.81.77
65.9.69.95
01f61f3f04a6728122776b54842bfc66ec9c66f78fa436ca547cda1ae3e7ad1d
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
08c8a6b9d55c71f4802ed4d7fc8ea16fd67585c92d74e488076fed2ef0907f01
12778274fa6e534a8eedb25279fac9dac654d0617cebd83d09b05883e97a00a4
13749f5c9699919bdb871c3d5084a838e1aa64867a65e3ab58d87e4401c2c0da
160c7a3aed5254b183593c9aa097053bf4400635772f775dd301000d09fbff32
177b03c6d80b7ba81412d538c1dbd74ba27c933a2cd8be0f802236e9f796d42e
1c585399d93b641847ac1b330ecab684e12e1c1f93d4b6860da091f7aae66074
2056937c6ec7a210cbd8a72cb8e97acbaad99455a8ce48e9b16d7c42d62cbdc4
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
3604e3ec81f7c6eae67be88efc80ff6ce5b5661e6003736184bb602e4de85d79
3ef21bd399af4ca6d25b4719ee89bedc39d60751ba04c54c4a4f2752e7738d2e
3f9ac1030db5051a8f8d0566d8ba8b691a13f318d42f6de2568b372d47a831b2
45d29ba161d1bd7045e4061c1f010e9e427c2b7187f35f43f4ea77168fda261c
52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d
5a2f7e65c082e5eac2bad3c1106a6c1391259dab235aad860cd6a824177c8c7f
5f20f96b5712d6c8c32efdd64790602e6bd8aeef4c72c6a7943197fc9e3e0a57
77f8a961ed1253a7428ca62e45a4994ae634baf5471d1b9781346f5e23f88851
847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb
89b21c11fc01417923e2f25c3f5a17c0b2bf21cde9f6a30281cc2f68f9ace61d
8f97053df4100c59ec5a148004060de16cd54b89129380e21a3c4d5c4f058804
976276e6b8e6b093abfe1a756a4efec5b0faec3710523c28ddaeff6a0dd6ec0a
9cdc0eac8b82e4eddf8307971b97ff9677ac0321eac6e03c38d4a0382c57519a
9e45e5a26a5136ef24a418335f0e712b851f2956be05c46a03bab97bb8b8916a
ac1628de43e66fdd8eec80e94ab633f4539a7bede531bf172b2348a61bf1c12c
ae9771f1890bf2b4532a62f59f5dab4296894bbdea320ba7b4d5f1d5d07f3576
af583950ecdcf9f580e591a637dff4309cf31bb911fb6f36c8d9846052d75fed
b74e9d952887788ab7ea602cfa09e0f65506364079bd48f46f0b5e43664758ed
bc9e27b51b8e09aa8eb934730f0f1e125c8aad0da7d4482627a3fc1761288109
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
c7119fd70f6d0d56dfe45d1d70523f07c1484c738e714d60e2f117da5730609d
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cf053390f39d9597ef297cb6b182f1aecc17608ac25f56e96750f8d40fdee881
d1b7d7b9de290bf273b4c6e674a32c119035c72512e924956fe2c0c9289fadda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea594a20d5ce8f553d4b8dac3aba52c95c793e43af079fa48d5a0642240d3a55
f62597761d6440800c5e7dd82856c8df95fed32a87eeda64343630f40f2020da
f705c030949cbf5f15dd891b5b90feaa961497450239c4bbeb109bf7a4942af4
f9db204346ae221c956981f73044a264b7bde34cbc0853a1f4a310758fd75b2d