urlscan.io logo urlscan.io
SecurityTrails logo

finmatch.my.site.com Open in urlscan Pro
2a02:26f0:3500:18::1724:a299  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://finmatch.force.com/
Effective URL: https://finmatch.my.site.com/DealerOnboarding/s/
Submission: On November 02 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2a02:26f0:3500:18::1724:a299, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is finmatch.my.site.com.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on April 3rd 2022. Valid for: a year.
This is the only time finmatch.my.site.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.69.172.169 16509 (AMAZON-02)
2 16 2a02:26f0:350... 20940 (AKAMAI-ASN1)
14 2
Apex Domain
Subdomains		 Transfer
16 site.com
finmatch.my.site.com
2 MB
1 force.com
finmatch.force.com
302 B
14 2
Domain Requested by
16 finmatch.my.site.com 2 redirects finmatch.my.site.com
1 finmatch.force.com 1 redirects
14 2

This site contains no links.

Subject Issuer Validity Valid
prod.cdn.salesforce-experience.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-03 -
2023-04-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://finmatch.my.site.com/DealerOnboarding/s/
Frame ID: 52DF27C80633E5D1EA8401C828288C33
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home

Page URL History Show full URLs

  1. http://finmatch.force.com/ HTTP 307
    https://finmatch.force.com/ HTTP 301
    https://finmatch.my.site.com/ HTTP 301
    https://finmatch.my.site.com/DealerOnboarding/ HTTP 301
    https://finmatch.my.site.com/DealerOnboarding/s/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1644 kB
Transfer

6569 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://finmatch.force.com/ HTTP 307
    https://finmatch.force.com/ HTTP 301
    https://finmatch.my.site.com/ HTTP 301
    https://finmatch.my.site.com/DealerOnboarding/ HTTP 301
    https://finmatch.my.site.com/DealerOnboarding/s/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
finmatch.my.site.com/DealerOnboarding/s/
Redirect Chain
  • http://finmatch.force.com/
  • https://finmatch.force.com/
  • https://finmatch.my.site.com/
  • https://finmatch.my.site.com/DealerOnboarding/
  • https://finmatch.my.site.com/DealerOnboarding/s/
143 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2b53d28f6c18f9c78d241f4f3b8cbf10214d19c58d54200abb3f6078fd48a003
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-nProzfHNb3MtEGpvxcMQ71uspEHIBkSS' https://service.force.com/embeddedservice/ import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob:; img-src 'self' data: blob: https://finmatch.my.salesforce.com https://finmatch.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://deu5.sfdc-yzvdd4.salesforce.com/icons/; media-src 'self'; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://deu5.sfdc-yzvdd4.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://*.a.forceusercontent.com/lightningmaps/ https://location.force.com; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

akamai-grn
0.99a02417.1667394478.6e506054
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-length
32883
content-security-policy
upgrade-insecure-requests default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-nProzfHNb3MtEGpvxcMQ71uspEHIBkSS' https://service.force.com/embeddedservice/ import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob:; img-src 'self' data: blob: https://finmatch.my.salesforce.com https://finmatch.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://deu5.sfdc-yzvdd4.salesforce.com/icons/; media-src 'self'; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://deu5.sfdc-yzvdd4.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://*.a.forceusercontent.com/lightningmaps/ https://location.force.com; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self'
content-type
text/html;charset=UTF-8
date
Wed, 02 Nov 2022 13:07:59 GMT
expires
Tue, 02 Nov 2021 13:07:58 GMT
last-modified
Tue, 02 Nov 2021 13:07:58 GMT
link
</DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js>;rel=preload;as=script;nopush,</DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22serializationVersion%22%3A%221-240.1.7-2.20.6-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/app.js?2=>;rel=preload;as=script;nopush
referrer-policy
origin-when-cross-origin
server-timing
Total;dur=294
strict-transport-security
max-age=63072000; includeSubDomains
timing-allow-origin
*
vary
Origin, Accept-Encoding
x-cache-status
M
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block

Redirect headers

akamai-grn
0.99a02417.1667394478.6e505e28
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-length
0
content-security-policy
upgrade-insecure-requests
date
Wed, 02 Nov 2022 13:07:58 GMT
location
https://finmatch.my.site.com/DealerOnboarding/s/
referrer-policy
origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains
x-cache-status
M
x-content-type-options
nosniff
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block
aura_prod.js
finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/ 		796 KB
251 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3c68aece741f208227fbebc712f464cdd750772b50a7020fa64e4a95f81c751f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:04 GMT
akamai-grn
0.99a02417.1667394479.6e50685d
x-cache-status
M
server-timing
Total;dur=31
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:08:04 GMT
x-origin-cache-control
max-age=31536000,public,immutable
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=31536000
timing-allow-origin
*
app.js
finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22serializationVersion%22%3A%221-240.1.7-2.20.6-b%22%2C%22parts%22%3A%22... 		2 MB
525 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22serializationVersion%22%3A%221-240.1.7-2.20.6-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/app.js?2=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
89eebeb3a28c3ce659efb56bdf697fd8e722772ae1fba63e071551530bd70944
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:07:59 GMT
date
Wed, 02 Nov 2022 13:07:59 GMT
akamai-grn
0.99a02417.1667394479.6e506860
x-origin-cache-control
max-age=31536000,public,immutable
x-cache-status
M
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-xss-protection
1; mode=block
fonts.css
finmatch.my.site.com/DealerOnboarding/s/sfsites/runtimedownload/ 		336 KB
242 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/runtimedownload/fonts.css?lastMod=1629116061000&brandSet=e3ca37f0-7c60-4fdc-bb95-e46a96562ede
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f35bb8d5d817672bb8cf9d8230553ec80d25eaf608d4c93666f497262004f41a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Mon, 16 Aug 2021 12:14:21 GMT
date
Wed, 02 Nov 2022 13:07:59 GMT
akamai-grn
0.99a02417.1667394479.6e50685c
x-origin-cache-control
public,max-age=31536000
x-cache-status
M
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31535971
x-xss-protection
1; mode=block
expires
Thu, 02 Nov 2023 13:07:30 GMT
resources.js
finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22izKqHkAqhQoblYy3lGicEA%22%2C%22loaded%22%3A%7B%22APPLICA... 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22izKqHkAqhQoblYy3lGicEA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22ugYR3qMZ96ViL0nsup7VZQ%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2FDealerOnboarding%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/resources.js?pv=1667021753000-1916106832&rv=1666091995000
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e220415dac0816c6cdbccbdaedad199a6a08d7753e963b8556e90475f74a0109
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:07:59 GMT
date
Wed, 02 Nov 2022 13:07:59 GMT
akamai-grn
0.99a02417.1667394479.6e506905
x-origin-cache-control
max-age=31536000,private,immutable
x-cache-status
M
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000,private,immutable
content-length
1163
x-xss-protection
1; mode=block
bootstrap.js
finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22izKqHkAqhQoblYy3lGicEA%22%2C%22loaded%22%3A%7B%22APPLICA... 		555 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22izKqHkAqhQoblYy3lGicEA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22ugYR3qMZ96ViL0nsup7VZQ%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2FDealerOnboarding%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/bootstrap.js?aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%22e3ca37f0-7c60-4fdc-bb95-e46a96562ede%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22de%22%2C%22pageId%22%3A%22d428add6-d3ba-4a37-8fe0-f1bb973ddbbc%22%2C%22publishedChangelistNum%22%3A%229%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Home%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3977e3e0846c6eaf76cb42c4fceb4b507bae64d8a22f5babebb49142766e37db
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:07:59 GMT
date
Wed, 02 Nov 2022 13:07:59 GMT
akamai-grn
0.99a02417.1667394479.6e506906
x-origin-cache-control
max-age=900,public
x-cache-status
M
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=866
x-xss-protection
1; mode=block
app.css
finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityAp... 		984 KB
122 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fsiteforce%3AserializedTokens%22%2C%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AcommunityTokens%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%2C%22markup%3A%2F%2Fsiteforce%3AcommunityFormFactorLarge%22%2C%22markup%3A%2F%2Fsiteforce%3AauraDynamicTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AsldsFontOverride%22%5D%2C%22tuid%22%3A%22izIYdQ7VRn0HeW5h6IDfqA%22%2C%22cuid%22%3A1246500944%7D%2C%22pathPrefix%22%3A%22%2FDealerOnboarding%22%7D/app.css?2=&aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%22e3ca37f0-7c60-4fdc-bb95-e46a96562ede%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22de%22%2C%22pageId%22%3A%22d428add6-d3ba-4a37-8fe0-f1bb973ddbbc%22%2C%22publishedChangelistNum%22%3A%229%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Home%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4a4c87e332f7aec62920162d72106b9c30aa00c4deba21b90929d06a593806cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:07:59 GMT
date
Wed, 02 Nov 2022 13:07:59 GMT
akamai-grn
0.99a02417.1667394479.6e506c96
x-origin-cache-control
max-age=31536000,public,immutable
x-cache-status
M
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-xss-protection
1; mode=block
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		69 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?message=%7B%22actions%22%3A%5B%7B%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController%2FACTION%24getPageComponent%22%2C%22callingDescriptor%22%3A%22UNKNOWN%22%2C%22params%22%3A%7B%22attributes%22%3A%7B%22viewId%22%3A%224449673e-7c6e-4364-a2f1-67f5eda87694%22%2C%22routeType%22%3A%22home%22%2C%22themeLayoutType%22%3A%22Home%22%2C%22params%22%3A%7B%22viewid%22%3A%22360480b1-98d1-4b92-ba97-8e6835e369ff%22%2C%22view_uddid%22%3A%22%22%2C%22entity_name%22%3A%22%22%2C%22audience_name%22%3A%22%22%2C%22picasso_id%22%3A%22%22%2C%22routeId%22%3A%22%22%7D%2C%22hasAttrVaringCmps%22%3Afalse%2C%22pageLoadType%22%3A%22STANDARD_PAGE_CONTENT%22%2C%22includeLayout%22%3Atrue%7D%2C%22publishedChangelistNum%22%3A9%2C%22brandingSetId%22%3A%22e3ca37f0-7c60-4fdc-bb95-e46a96562ede%22%7D%7D%5D%7D&aura.context=%7B%22mode%22%3A%22PROD%22%2C%22fwuid%22%3A%22izKqHkAqhQoblYy3lGicEA%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%22qhg-A3zJ9vVezf_qIW5kuw%22%7D%2C%22apck%22%3A%22ugYR3qMZ96ViL0nsup7VZQ%22%2C%22uad%22%3Afalse%7D&aura.isAction=true
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
061ea85d756ec1fb4307cea927bb8d2355124efc883acd161a085e16bc91a4e0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:05 GMT
akamai-grn
0.99a02417.1667394484.6e50eec8
x-cache-status
M
content-length
14977
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 01 Nov 2022 13:08:05 GMT
x-origin-cache-control
max-age=1800,public
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=1782
expires
Wed, 02 Nov 2022 13:37:47 GMT
smartmatch_Logo_RGB
finmatch.my.site.com/DealerOnboarding/file-asset/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://finmatch.my.site.com/DealerOnboarding/file-asset/smartmatch_Logo_RGB?v=1&height=300&width=300
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Server /
Resource Hash
853fbdcc4e1f2c490a16611ad24d28557ac59e4087d289fa5d9d53c148638819

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://finmatch.my.site.com/DealerOnboarding/s/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 13:08:05 GMT
last-modified
Thu, 5 Aug 2021 09:05:08 GMT
server
Akamai Image Server
akamai-grn
0.99a02417.1667394484.6e50f5d6
x-origin-cache-control
public, max-age=3887976
x-cache-status
M
content-type
image/png
access-control-allow-origin
*
cache-control
public, private, max-age=300
x-akamai-note
original-image
content-length
2367
expires
Wed, 02 Nov 2022 13:13:05 GMT
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
336e47855a2634b17ab1e87428f96b51e21a434dca8c8327b47dc0fd2e0d3b51

Request headers

Referer
https://finmatch.my.site.com/
Origin
https://finmatch.my.site.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
application/x-font-woff
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		85 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?r=1&aura.Component.getComponent=1&ui-communities-components-aura-components-forceCommunity-navigationMenu.NavigationMenuDataProvider.getNavigationMenu=2&ui-communities-components-aura-components-forceCommunity-themeHeader.ThemeHeader.getHeaderConfig=1&ui-force-components-controllers-hostConfig.HostConfig.getConfigData=1
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c174aac8c8c9f751b65ba246ed8101764551dbd458a2b9b29fb92e8b2d721df0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
X-SFDC-Page-Cache
c04db93c2f2c907f
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
X-SFDC-Request-Id
661080000074378962
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:05 GMT
akamai-grn
0.99a02417.1667394484.6e50f6b0
x-cache-status
M
server-timing
Total;dur=824
content-length
26031
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 02 Nov 2021 13:08:05 GMT
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
timing-allow-origin
*
expires
Tue, 02 Nov 2021 13:08:05 GMT
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?r=2&ui-communities-components-aura-components-forceTopic-featuredTopicsDataProvider.FeaturedTopicsDataProvider.getFeaturedTopics=1
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
98f4da230baeb6f4cb9d9655fada71d4b50fb49f85d00a04c8debe9c21c642c4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
X-SFDC-Page-Cache
c04db93c2f2c907f
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
X-SFDC-Request-Id
6904400000aa387898
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:05 GMT
akamai-grn
0.99a02417.1667394485.6e50fcfe
x-cache-status
M
server-timing
Total;dur=55
content-length
767
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 02 Nov 2021 13:08:05 GMT
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
timing-allow-origin
*
expires
Tue, 02 Nov 2021 13:08:05 GMT
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		1 MB
260 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?r=3&aura.Component.getComponentDef=1
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0e9cc7d7f379de3dd1399f275b5cbbd51fdb73371389ded257c300c2e1ffe990
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
X-SFDC-Page-Cache
c04db93c2f2c907f
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
X-SFDC-Request-Id
7550800000dd405dc7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 02 Nov 2021 13:08:05 GMT
date
Wed, 02 Nov 2022 13:08:06 GMT
akamai-grn
0.99a02417.1667394485.6e510ecf
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-cache-status
M
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block
expires
Tue, 02 Nov 2021 13:08:05 GMT
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?r=4&ui-instrumentation-components-beacon.InstrumentationBeacon.sendData=1
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
473615078d862c98ec1ff13513810ce9eae329f005986b1ae9cfeb674abc1de0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
X-SFDC-Page-Cache
c04db93c2f2c907f
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
X-SFDC-Request-Id
786350000004e03607
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:06 GMT
akamai-grn
0.99a02417.1667394486.6e5116a3
x-cache-status
M
server-timing
Total;dur=111
content-length
984
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 02 Nov 2021 13:08:06 GMT
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
timing-allow-origin
*
expires
Tue, 02 Nov 2021 13:08:06 GMT
aura
finmatch.my.site.com/DealerOnboarding/s/sfsites/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://finmatch.my.site.com/DealerOnboarding/s/sfsites/aura?r=5&ui-comm-runtime-components-aura-components-siteforce-network-tracking.NetworkTracking.createLogRecord=1
Requested by
Host: finmatch.my.site.com
URL: https://finmatch.my.site.com/DealerOnboarding/s/sfsites/auraFW/javascript/izKqHkAqhQoblYy3lGicEA/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f78d23b1671d25d77d8dd09aad1d1dfe6c563bf0f2eb4ca15037729f7f9af088
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://finmatch.my.site.com/DealerOnboarding/s/
X-SFDC-Page-Cache
c04db93c2f2c907f
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
8a1e011b-c659-4851-b6d2-a3a2263ff626
X-SFDC-Request-Id
7877500000cbd0f025
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 02 Nov 2022 13:08:06 GMT
akamai-grn
0.99a02417.1667394486.6e511776
x-cache-status
M
server-timing
Total;dur=114
content-length
797
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 02 Nov 2021 13:08:06 GMT
x-origin-cache-control
no-cache,must-revalidate,max-age=0,no-store,private
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
timing-allow-origin
*
expires
Tue, 02 Nov 2021 13:08:06 GMT

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| picassoSPA string| comm__attrVariationKey number| pageStartTime object| Aura object| AuraLocker object| AuraLockerDisabled object| $A object| aura function| DOMPurify function| Router function| _moreThenOneCriteria function| _isOnlyValidTokens function| _isNoAmbiguousAndOr function| _checkAmbiguousNum function| _checkParentheses function| _filterValidation function| _validate

10 Cookies

Domain/Path Name / Value
finmatch.my.site.com/DealerOnboarding/s Name: renderCtx
Value: %7B%22pageId%22%3A%22d428add6-d3ba-4a37-8fe0-f1bb973ddbbc%22%2C%22schema%22%3A%22Published%22%2C%22viewType%22%3A%22Published%22%2C%22brandingSetId%22%3A%22e3ca37f0-7c60-4fdc-bb95-e46a96562ede%22%2C%22audienceIds%22%3A%22%22%7D
finmatch.force.com/ Name: CookieConsentPolicy
Value: 0:1
finmatch.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
finmatch.my.site.com/ Name: CookieConsentPolicy
Value: 0:1
finmatch.my.site.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
finmatch.my.site.com/ Name: BrowserId
Value: X3eLZFqvEe2wZJHn9byLsA
finmatch.my.site.com/ Name: BrowserId_sec
Value: X3eLZFqvEe2wZJHn9byLsA
.my.site.com/ Name: ak_bmsc
Value: 872CA7BFE1441723CB24773AA06732C3~000000000000000000000000000000~YAAQmaAkF6WJKB2EAQAAsKN0OBGqcZ78vgSloXHJs1j2Z3n3Hd3GD9zVXFx9c4fx7XIPLN7zShmjGpKge34rvZLqPCDImGZohawTpiR8gAd6d7AbNiqNmABvb3B05ldRKUfNuFuTOjCaKTCmJ1LmHCwnzR5e845HyeLqY3CzL8FjpB8X7+Vb5A/q1F48qR1NE5UWyDN7mnDWMRf4ndsJlEZSOpEj9xCIHoA8C0temWIwwLB9xHdq+61REPAc38pKDJTwGwMxhHgOp80Zetz9bCIbfpDxWpPPncSnnoMvzPh2mIhxr3OwB3USnp9JGicawRNwaKvntpYmUi4/bsNdNbhHB/Iyd6ZBfd72SkLpU1pudQIAJkjsBkLQaoSsQ/II7G21pEGC5fAZcqEvxmGK9n6m8W5n
finmatch.my.site.com/ Name: pctrk
Value: 489ec224-a607-406e-a7ff-c91b3ea0d92a
.my.site.com/ Name: bm_sv
Value: 4691D526442F24CE4DFE15A7AEB1BA9B~YAAQmaAkF0iQKB2EAQAAbsB0OBHW/7ucZIuMoSNZ9e2eDMCJ27dxzl+2d36LhVC+UN4e86+2FSWvn24lYGl+OlDKn/hHXC5xLHGew+io64aJuVaU1Aj0IRgstrlhmmgcSQ+n7TGvV+69AYOOQ25XgCa1RDMAezI9byCcNN/zUJzFvpHXAMdt93FDfNhfKYKoaVCWd1unDSCA+uFcZrfMFac/dVTkrUysW19U1tbrcctvRWUAHVflR3YeZe9k+HvnIA==~1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-nProzfHNb3MtEGpvxcMQ71uspEHIBkSS' https://service.force.com/embeddedservice/ import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob:; img-src 'self' data: blob: https://finmatch.my.salesforce.com https://finmatch.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://deu5.sfdc-yzvdd4.salesforce.com/icons/; media-src 'self'; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://deu5.sfdc-yzvdd4.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://*.a.forceusercontent.com/lightningmaps/ https://location.force.com; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block