sandbox.leavefeedback.app Open in urlscan Pro
2606:4700::6812:ae3f  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response sandbox.leavefeedback.app/	2 KB 2 KB	533ms 402ms	Document text/html	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e5e59413ec04bcee39736ab2816b10930535d79a966ecd784a14c5e47a67795 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *; script-src https://ajax.googleapis.com/ https://tileproxy.cloud.mapquest.com/ https://ajax.aspnetcdn.com/ 'report-sample' https://www.yextstatic.com/ https://www.googleapis.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ 'unsafe-eval' 'self' https://assets.sitescdn.net/ https://apis.google.com/ https://www.google-analytics.com/ 'unsafe-inline'; report-uri /cspreports/error Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-type text/html; charset=utf-8 content-length 956 access-control-allow-origin * content-security-policy frame-ancestors 'self' *; script-src https://ajax.googleapis.com/ https://tileproxy.cloud.mapquest.com/ https://ajax.aspnetcdn.com/ 'report-sample' https://www.yextstatic.com/ https://www.googleapis.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ 'unsafe-eval' 'self' https://assets.sitescdn.net/ https://apis.google.com/ https://www.google-analytics.com/ 'unsafe-inline'; report-uri /cspreports/error content-encoding gzip cache-control no-cache strict-transport-security max-age=31536000; includeSubDomains referrer-policy origin-when-cross-origin x-time 0.012 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 6b980228cab2178a-FRA
GET H2	200	surveyserving.css sandbox.leavefeedback.app/survey/public/stylesheets/	31 KB 5 KB	143ms 142ms	Stylesheet text/css	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sandbox.leavefeedback.app/survey/public/stylesheets/surveyserving.css Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5337f7da7e1c047f5d8af5a9faab59d50e8c88bd0c97858796d79c52b0e7819c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin cf-cache-status DYNAMIC server cloudflare etag 2b17490fe216b159 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type text/css; charset=utf-8 cache-control no-cache cf-ray 6b98022b9fb9178a-FRA x-time 0.005 content-length 4552
GET H2	200	sentry-6.2.5.min.js Show response sandbox.leavefeedback.app/survey/public/javascripts/sentry/	66 KB 20 KB	149ms 148ms	Script application/javascript	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sandbox.leavefeedback.app/survey/public/javascripts/sentry/sentry-6.2.5.min.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e64d2f94a461125431ab40a435e13023bfbba91d466c72fe9336ef3665319fa7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://sandbox.leavefeedback.app/ Origin https://sandbox.leavefeedback.app Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin cf-cache-status DYNAMIC server cloudflare etag aba2853c0ba548fd expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript cache-control no-cache cf-ray 6b98022b9fbb178a-FRA x-time 0.007 content-length 20724
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.12.4/	95 KB 34 KB	33ms 9ms	Script text/javascript	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 09:11:41 GMT content-encoding gzip x-content-type-options nosniff age 37961 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33951 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Tue, 06 Dec 2022 09:11:41 GMT
GET H2	200	small-businesses.svg sandbox.leavefeedback.app/public/images/	921 B 645 B	148ms 147ms	Image image/svg+xml	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sandbox.leavefeedback.app/public/images/small-businesses.svg Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 36893c9747f74e86bcbdf4341fd2c5cf800f1902dd0f5c7c762f2b9d97b0ab95 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin cf-cache-status DYNAMIC last-modified Sat, 01 Jan 2000 00:00:00 GMT server cloudflare etag W/"946684800000--1407396275" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type image/svg+xml cache-control max-age=3600 cf-ray 6b98022c99cd178a-FRA x-time 0.007
GET H2	200	jquery-ui.min.js Show response ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/	248 KB 66 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Sun, 05 Dec 2021 13:47:55 GMT content-encoding gzip x-content-type-options nosniff age 107787 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 67948 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Mon, 05 Dec 2022 13:47:55 GMT
GET H2	200	surveyservingvendor.js Show response sandbox.leavefeedback.app/survey/public/js/	18 KB 6 KB	147ms 146ms	Script application/javascript	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sandbox.leavefeedback.app/survey/public/js/surveyservingvendor.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a4ef19d6ed933a60f0c4d1027c1add55f85a3496bb9d60bd97446e28d55ae379 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin cf-cache-status DYNAMIC server cloudflare etag f11f49d378ef4239 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript cache-control no-cache cf-ray 6b98022c89ae178a-FRA x-time 0.005 content-length 6016
GET H2	200	surveyserving.js Show response sandbox.leavefeedback.app/survey/public/js/	55 KB 15 KB	146ms 144ms	Script application/javascript	2606:4700::6812:ae3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sandbox.leavefeedback.app/survey/public/js/surveyserving.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ae3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 48c7de511d5407fe1dd077cc3dc22674b7c655f1e8cd21d0e885922d91537527 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 19:44:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin cf-cache-status DYNAMIC server cloudflare etag 8eb94fbfe00d6176 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript cache-control no-cache cf-ray 6b98022c99c8178a-FRA x-time 0.010 content-length 15208
GET H2	200	ga.js Show response www.google-analytics.com/	45 KB 17 KB	35ms 8ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/ga.js Requested by Host: sandbox.leavefeedback.app URL: https://sandbox.leavefeedback.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://sandbox.leavefeedback.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 6182 date Mon, 06 Dec 2021 18:01:20 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17168 expires Mon, 06 Dec 2021 20:01:20 GMT

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| Sentry object| __SENTRY__ object| _gaq string| pathname string| path function| $ function| jQuery object| _gat object| yext function| showProgressDialog function| hideProgressDialog function| showDelayedProgressDialog function| hideDelayedProgressDialog function| showDeleteDialog function| showErrorDialog function| showMessageDialog

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			sandbox.leavefeedback.app/	1969-12-31 23:59:59	Name: PLAY_YEXT_SESSION Value: fe922776f6374d514062ae3918eb9ba62c26cdaa-___AT=d15eed7bc51277696540487d544de47ce5a1cb0a
			.sandbox.leavefeedback.app/	1970-01-19 23:13:41	Name: __cf_bm Value: klqxdMca._tkjyQTI15ynzYLUIWRfJHxFU_ewNGarM0-1638819862-0-AXLxkitT0wrCPtEW6+MY9rOur3IyyGAmmYbm/tX7tR1tUFyOLpoK3f5rBFQunrdiUAWjkwk0hqOcmB/XRlmP4EuyVOV+5ICWC8BVBxJrb5SC

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *; script-src https://ajax.googleapis.com/ https://tileproxy.cloud.mapquest.com/ https://ajax.aspnetcdn.com/ 'report-sample' https://www.yextstatic.com/ https://www.googleapis.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ 'unsafe-eval' 'self' https://assets.sitescdn.net/ https://apis.google.com/ https://www.google-analytics.com/ 'unsafe-inline'; report-uri /cspreports/error
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
sandbox.leavefeedback.app
www.google-analytics.com
2606:4700::6812:ae3f
2a00:1450:4001:803::200e
2a00:1450:4001:827::200a
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
36893c9747f74e86bcbdf4341fd2c5cf800f1902dd0f5c7c762f2b9d97b0ab95
48c7de511d5407fe1dd077cc3dc22674b7c655f1e8cd21d0e885922d91537527
4e5e59413ec04bcee39736ab2816b10930535d79a966ecd784a14c5e47a67795
5337f7da7e1c047f5d8af5a9faab59d50e8c88bd0c97858796d79c52b0e7819c
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
a4ef19d6ed933a60f0c4d1027c1add55f85a3496bb9d60bd97446e28d55ae379
e64d2f94a461125431ab40a435e13023bfbba91d466c72fe9336ef3665319fa7