urlscan.io logo urlscan.io
SecurityTrails logo

www.gopuff.com Open in urlscan Pro
162.159.134.55  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://url5612.gopuff.com/uni/ls/click?upn=u001.SKXbDyFI8z2Xw4OYLnOHhAZENvboOP9kEMu6gOJ9BHyiIA32BSI3hVN9-2BCpfoIVWms89J0c-...
Effective URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Submission: On April 03 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 26 HTTP transactions. The main IP is 162.159.134.55, located in and belongs to CLOUDFLARENET, US. The main domain is www.gopuff.com. The Cisco Umbrella rank of the primary domain is 468586.
TLS certificate: Issued by E1 on February 23rd 2024. Valid for: 3 months.
This is the only time www.gopuff.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 162.159.133.55 13335 (CLOUDFLAR...)
1 1 52.186.45.66 8075 (MICROSOFT...)
13 162.159.134.55 13335 (CLOUDFLAR...)
4 2600:9000:212... 16509 (AMAZON-02)
6 151.101.195.9 54113 (FASTLY)
2 44.197.221.236 14618 (AMAZON-AES)
1 2600:9000:212... 16509 (AMAZON-02)
26 5
1    162.159.133.55 (None, )

ASN13335 (CLOUDFLARENET, US)
url5612.gopuff.com
1    52.186.45.66 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
link.gopuff.com
13    162.159.134.55 (None, )

ASN13335 (CLOUDFLARENET, US)
www.gopuff.com
assets.gopuff.com
4    2600:9000:2127:5800:2:8531:afc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.transcend.io
6    151.101.195.9 (United States)

ASN54113 (FASTLY, US)
sdk.split.io
2    44.197.221.236 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-221-236.compute-1.amazonaws.com
auth.split.io
1    2600:9000:2127:a00:a:de49:b100:93a1 (United States)

ASN16509 (AMAZON-02, US)
sync.transcend.io
Apex Domain
Subdomains		 Transfer
15 gopuff.com
url5612.gopuff.com
link.gopuff.com
www.gopuff.com — Cisco Umbrella Rank: 468586
assets.gopuff.com — Cisco Umbrella Rank: 817036
1 MB
8 split.io
sdk.split.io — Cisco Umbrella Rank: 2845
auth.split.io — Cisco Umbrella Rank: 3338
25 KB
5 transcend.io
cdn.transcend.io — Cisco Umbrella Rank: 6046
sync.transcend.io — Cisco Umbrella Rank: 16086
130 KB
26 3
Domain Requested by
7 www.gopuff.com www.gopuff.com
6 sdk.split.io assets.gopuff.com
6 assets.gopuff.com www.gopuff.com
assets.gopuff.com
4 cdn.transcend.io www.gopuff.com
cdn.transcend.io
2 auth.split.io assets.gopuff.com
1 sync.transcend.io cdn.transcend.io
1 link.gopuff.com 1 redirects
1 url5612.gopuff.com 1 redirects
26 8

This site contains no links.

Subject Issuer Validity Valid
www.gopuff.com
E1		 2024-02-23 -
2024-05-23		 3 months crt.sh
assets.gopuff.com
E1		 2024-02-23 -
2024-05-23		 3 months crt.sh
transcend.io
Amazon RSA 2048 M02		 2023-06-20 -
2024-07-18		 a year crt.sh
*.split.io
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-07-02 -
2024-08-02		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Frame ID: 5600CFEE0349E7EC5B901DD11B6D6912
Requests: 21 HTTP requests in this frame

Frame: https://sync.transcend.io/consent-manager/13d6e594-09ab-4790-b3e6-920da30fad22
Frame ID: CAC01C0B61CF338517E2AA88D4FA5778
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Gopuff

Page URL History Show full URLs

  1. https://url5612.gopuff.com/uni/ls/click?upn=u001.SKXbDyFI8z2Xw4OYLnOHhAZENvboOP9kEMu6gOJ9BHyiIA32BSI3hV... HTTP 302
    https://link.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_camp... HTTP 301
    https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_camp... Page URL

Page Statistics

26
Requests

100 %
HTTPS

29 %
IPv6

3
Domains

8
Subdomains

5
IPs

2
Countries

1464 kB
Transfer

6215 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url5612.gopuff.com/uni/ls/click?upn=u001.SKXbDyFI8z2Xw4OYLnOHhAZENvboOP9kEMu6gOJ9BHyiIA32BSI3hVN9-2BCpfoIVWms89J0c-2BYNNcwf4TNuklaRrbVTlxk5TdAzKiLp0P7cm-2FkMQApml8diRsxXQf2OZU5UeJUk3MmAl-2BopShr9aGW3upWv4P8XFCSsWGD5Hu9EM-3DZLRX_93kf5wZGrgQTbbpBCajFjFSSUBkZB48wdDDGzdh2nAw1HLHzPBUvdk30ldP4dQrwg6DqUdNN05pbLduhTVRLfaH22tbaT-2BvgdJQNLvTeQ6VIkbH5dtdr75Pn60sCY1M-2FVFaaFCE2YKtA2cCobV1eLlt8FqA1BY4ajJ3CcvPOXBJdDiWGNkaP4RE9vQDdVgP20TNE5BlO2BpiV1mupURi3xkUrdN9bff6dfGxNbN20wyAQCpqUOAON-2BmVtxKoUGlyALIrgAtff5X2aTsJ-2Fq-2B-2FptPjJsLuYDYBnE6PR4tHZv-2FxLgPmQkopzYmmT5Fu8hSF8yAWF2KJPAMOIFSrP8bBDi8ri0oxfpqW0soXcspe03rIvWc78kUDAgYDu0B0JKo8 HTTP 302
    https://link.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG HTTP 301
    https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request user-registration
www.gopuff.com/
Redirect Chain
  • https://url5612.gopuff.com/uni/ls/click?upn=u001.SKXbDyFI8z2Xw4OYLnOHhAZENvboOP9kEMu6gOJ9BHyiIA32BSI3hVN9-2BCpfoIVWms89J0c-2BYNNcwf4TNuklaRrbVTlxk5TdAzKiLp0P7cm-2FkMQApml8diRsxXQf2OZU5UeJUk3MmAl-2B...
  • https://link.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
  • https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
21 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
22aee7ed1a0175101b07f0ff7a03d937058c87d67ea4d9a481261f699b782547
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86ea82fbec7f1c19-FRA
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Wed, 03 Apr 2024 16:42:24 GMT
expect-ct
max-age=0
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
14
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-powered-by
Express
x-xss-protection
0

Redirect headers

content-length
195
content-type
text/html
date
Wed, 03 Apr 2024 16:42:23 GMT
location
https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
server
Microsoft-Azure-Application-Gateway/v2
ABCGintoNormal-Black.61882648.ttf
www.gopuff.com/static/media/ 		147 KB
66 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/static/media/ABCGintoNormal-Black.61882648.ttf
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4773d3f865ec95711f99954be9fcf03713f7e415f8362f33a3483a31ed7d072d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
592193
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"24be4-DXgjRLULjGaWw/uUchg/VA55Cb4"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://www.gopuff.com
cache-control
public, max-age=604800
vary
Origin, Accept-Encoding
cf-ray
86ea82fced7c1c19-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
ABCGintoNormal-BlackIta.8cf51e59.ttf
www.gopuff.com/static/media/ 		163 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/static/media/ABCGintoNormal-BlackIta.8cf51e59.ttf
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a6beac3cfbad0626b8b494c0866c1179f1a5532c9ca35873570ba357341e5530
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
171712
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
47
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"28ad4-e0YEssf/oKrQJpunaC3idvDJy+k"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://www.gopuff.com
cache-control
public, max-age=604800
vary
Origin, Accept-Encoding
cf-ray
86ea82fced801c19-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
ABCGintoNormal-Bold.340a3748.ttf
www.gopuff.com/static/media/ 		147 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/static/media/ABCGintoNormal-Bold.340a3748.ttf
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6ecff75d04c051b11bbb0b45a365edc4593fcdaad0731a86ac52b493b1535cea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
169787
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
8
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"24b24-za+DRSRIqrG39St7HBSva0ojThg"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://www.gopuff.com
cache-control
public, max-age=86400
vary
Origin, Accept-Encoding
cf-ray
86ea82fced831c19-FRA
expires
Thu, 04 Apr 2024 16:42:24 GMT
ABCGintoNormal-Regular.16c4136b.ttf
www.gopuff.com/static/media/ 		134 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/static/media/ABCGintoNormal-Regular.16c4136b.ttf
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8260d10e68ab0038e16e40e1e0bb733a6d033c6a1e7f2eb114fd6f5a02dd9fd1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
598695
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
21
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"2176c-82Z9lCY7fH9o+Zlp13gTM1VMkq4"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://www.gopuff.com
cache-control
public, max-age=604800
vary
Origin, Accept-Encoding
cf-ray
86ea82fced881c19-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
Phosphor.c3e938e2.ttf
www.gopuff.com/static/media/ 		24 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/static/media/Phosphor.c3e938e2.ttf
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b71c78f48d966d97622f74842bf72938f6a41609beee67dd5293bd2d06c7fbbf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
158547
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
43
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"60fc-0WutdQqnOwUrHf9GBsFFY2772Ak"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://www.gopuff.com
cache-control
public, max-age=604800
vary
Origin, Accept-Encoding
cf-ray
86ea82fced891c19-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
vendors.b8b78e3d.js
assets.gopuff.com/static/js/ 		2 MB
498 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/js/vendors.b8b78e3d.js
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
86d8988be7d324f8e2933b071bdc38f680045b26a2aaae2ab05c4727f23bc0af
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
3644
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
142
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"1cb527-4qTSNGLzzLTpzUNz46mklelf178"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea82fd2a8e9f11-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
client.0ea77bee.js
assets.gopuff.com/static/js/ 		3 MB
472 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/js/client.0ea77bee.js
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
62624693b1d7b20ebf7dd49d6b58b21bdcc540890f64f0b62c0cd6476f5aa13e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
3643
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
126
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"2c9424-r/+bm8LXsF5PWyEo1BJP2YVukXo"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea82fd2a939f11-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
client.7555592b.css
assets.gopuff.com/static/css/ 		147 B
550 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/css/client.7555592b.css
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8027c912d6950893c3ec2256f5fd8fb8efa2eb2e85751c65c03d30da79cb8011
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
158547
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
45
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"93-HHukgHesquDOChtXRQFgG1QzZP0"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea82fd2a919f11-FRA
expires
Wed, 10 Apr 2024 16:42:24 GMT
airgap.js
cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ 		119 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/airgap.js
Requested by
Host: www.gopuff.com
URL: https://www.gopuff.com/user-registration?offer=cheers40&utm_source=drizly&utm_medium=email&utm_campaign=SG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:5800:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f431fcb4fb86d0de0007ac2598dca628426b49e495ebf1c4f3e794ed6210426d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:24 GMT
content-encoding
br
via
1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
strict-transport-security
max-age=31536000
x-amz-cf-pop
PRG50-C1
x-content-type-options
nosniff
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
max-age=60,s-maxage=86400
x-amz-cf-id
uW5uKTrQ0BRTBvTq3rzWQ5Zcriy9aKBJA82dJpD4C7ROTosbpYQZAw==
x-xss-protection
1; mode=block
ui.js
cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ 		298 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ui.js
Requested by
Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/airgap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:5800:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c89b05d4abcd86a6561acce80988c2a84a2e10b05c8f0e4e89d9c1a6c78eb6b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.gopuff.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
8bRuhQw80g2j5DUSqLe.z2u_Q606HYBl
content-encoding
br
via
1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
date
Wed, 03 Apr 2024 07:22:20 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
PRG50-C1
age
33605
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-disposition
inline
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 02 Feb 2024 20:07:07 GMT
server
AmazonS3
etag
W/"07fdc5ca91fac7d08ac9766489cf4777-1"
x-frame-options
SAMEORIGIN
access-control-max-age
3600
access-control-allow-methods
GET
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
max-age=60,s-maxage=86400
vary
Accept-Encoding
x-amz-cf-id
PUdbBN0r0mODli6Mm7UaAcBT1mv3uUw2ybRWX7wJsBNMNB4KGRnPEg==
cm.css
cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/cm.css
Requested by
Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ui.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:5800:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bcc5af104ff102edcce64a02d95db5a44bd8d8e02599090e7c1b4a3d1b492c23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
X77NOJLPLI1.Ua6PxLiiG62ncgXipJBe
content-encoding
br
via
1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
date
Wed, 03 Apr 2024 03:04:28 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
PRG50-C1
age
49077
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-disposition
inline
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 02 Feb 2024 20:07:06 GMT
server
AmazonS3
etag
W/"debaea91d8593dd78d010ef3f5d16d37-1"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=60,s-maxage=86400
x-amz-cf-id
ZghcvKMA5tGHO7dfFXLh69knM-zVvlRGiFwqqgIWOOyOU8lLH54c4w==
en.json
cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/translations/ 		9 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/translations/en.json
Requested by
Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/ui.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:5800:2:8531:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
16d438844902a7f496dd3828753e25a8086f221827f6337ee9bf13b10088ec89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QfWDha8WKWrPOMRkgmRHziPu1HpHl4SH
content-encoding
br
via
1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
date
Wed, 03 Apr 2024 05:52:21 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
PRG50-C1
age
39004
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-disposition
inline
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 02 Feb 2024 20:07:06 GMT
server
AmazonS3
etag
W/"c3e51313286a9bc6ce3f34b06e2c3c62-1"
x-frame-options
SAMEORIGIN
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
max-age=60,s-maxage=86400
vary
Accept-Encoding
x-amz-cf-id
Ph_N3AYst6KfNl-l2TphDRQP7-VG2SkbUe2ZBVm7XsH8v8OquA37Sw==
vendorsShared-node_modules_datadog_browser-core_esm_boot_init_js-node_modules_datadog_browser-7007c6.ca8e02f6.chunk.js
assets.gopuff.com/static/js/ 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/js/vendorsShared-node_modules_datadog_browser-core_esm_boot_init_js-node_modules_datadog_browser-7007c6.ca8e02f6.chunk.js
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/client.0ea77bee.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c3fffb58f3a0ebae4453b278ec79e494c937cb65d5560de5d4dc3cfbd9b70b25
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
596978
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
49
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"aeb6-rSxCZdLf+TvGm3ZqxRbLutifLEU"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea8302391b9f11-FRA
expires
Wed, 10 Apr 2024 16:42:25 GMT
vendorsShared-node_modules_datadog_browser-rum_esm_entries_main_js.be9d19ab.chunk.js
assets.gopuff.com/static/js/ 		103 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/js/vendorsShared-node_modules_datadog_browser-rum_esm_entries_main_js.be9d19ab.chunk.js
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/client.0ea77bee.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
161a0b1dca060855ebef3b5a60a7d650c6b03a14e1e9b164998d23dfdae9743b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
596978
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
64
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"19b8a-eKJUx0nDgVyXE//HOU9NxKgIhgM"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea8302391e9f11-FRA
expires
Wed, 10 Apr 2024 16:42:25 GMT
vendorsShared-node_modules_datadog_browser-logs_esm_entries_main_js.bb4205b1.chunk.js
assets.gopuff.com/static/js/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.gopuff.com/static/js/vendorsShared-node_modules_datadog_browser-logs_esm_entries_main_js.bb4205b1.chunk.js
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/client.0ea77bee.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ad241cb4788cf90939d242295eff8fdb99d919b7905c1e6ec9249a7bbb59370d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
age
596978
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
45
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
etag
W/"2e20-hK/OrQRUj1pYRN7pTJVMBTJR8G8"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Origin, Accept-Encoding
cache-control
public, max-age=604800
cf-ray
86ea830239239f11-FRA
expires
Wed, 10 Apr 2024 16:42:25 GMT
default-init
sdk.split.io/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/mySegments/default-init
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://www.gopuff.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://www.gopuff.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
content-length
37
date
Wed, 03 Apr 2024 16:42:25 GMT
retry-after
0
server
Varnish
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra-eddf8230020-FRA
x-timer
S1712162545.266320,VS0,VE0
6fd75fdb
sdk.split.io/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/mySegments/6fd75fdb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://www.gopuff.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://www.gopuff.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
content-length
37
date
Wed, 03 Apr 2024 16:42:25 GMT
retry-after
0
server
Varnish
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra-eddf8230020-FRA
x-timer
S1712162545.264948,VS0,VE0
splitChanges
sdk.split.io/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/splitChanges?since=-1&sets=frontend
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://www.gopuff.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://www.gopuff.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
content-length
37
date
Wed, 03 Apr 2024 16:42:25 GMT
retry-after
0
server
Varnish
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra-eddf8230020-FRA
x-timer
S1712162545.266219,VS0,VE0
default-init
sdk.split.io/api/mySegments/ 		17 B
430 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/mySegments/default-init
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/vendors.b8b78e3d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
browserjs-0.13.1
Authorization
Bearer jatd6vk55urv1va5lu7meh8kl74tov9utb8l
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Wed, 03 Apr 2024 16:42:25 GMT
age
199949
x-cache
MISS, HIT
content-length
41
x-served-by
cache-iad-kiad7000042-IAD, cache-fra-eddf8230020-FRA
x-timer
S1712162545.277567,VS0,VE1
etag
"1000002"
vary
Accept-Encoding, Origin, Authorization
trace
cache-iad-kiad7000042-IAD-f5719496-d9d1-4ac3-a881-18f3ed391a42; cache-fra-eddf8230156-FRA-5ad24117-665d-4916-a4d5-adcf50c3a648
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
x-cache-hits
0, 1
6fd75fdb
sdk.split.io/api/mySegments/ 		17 B
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/mySegments/6fd75fdb
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/vendors.b8b78e3d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
browserjs-0.13.1
Authorization
Bearer jatd6vk55urv1va5lu7meh8kl74tov9utb8l
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Wed, 03 Apr 2024 16:42:25 GMT
age
0
x-cache
MISS, MISS
content-length
41
x-served-by
cache-iad-kjyo7100051-IAD, cache-fra-eddf8230020-FRA
x-timer
S1712162545.277576,VS0,VE98
etag
"1000002"
vary
Accept-Encoding, Origin, Authorization
trace
cache-iad-kjyo7100051-IAD-957a85c1-46e8-4585-bc20-5b3c5b464349; cache-fra-eddf8230020-FRA-3682599f-c18d-430d-b3cd-ac93e10d7611
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
x-cache-hits
0, 0
splitChanges
sdk.split.io/api/ 		285 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sdk.split.io/api/splitChanges?since=-1&sets=frontend
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/vendors.b8b78e3d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.195.9 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8f9608374c44de6211f51a5c1194f022b3ad1b036c7052bdba37072ca41d97c9
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
browserjs-0.13.1
Authorization
Bearer jatd6vk55urv1va5lu7meh8kl74tov9utb8l
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Wed, 03 Apr 2024 16:42:25 GMT
age
4913
x-cache
HIT, HIT
content-length
23499
x-served-by
cache-iad-kcgs7200126-IAD, cache-fra-eddf8230020-FRA
last-modified
Wed, 03 Apr 2024 15:20:31 GMT
x-timer
S1712162545.277518,VS0,VE2
etag
"1712157631482"
vary
Accept-Encoding, Origin, Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kcgs7200126-IAD-c692acf1-dede-4973-acb3-7f1e11d06b37; cache-fra-eddf8230045-FRA-b2ad78d5-d5c9-4ebe-b8d4-6bc4ccf2192e
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
x-cache-hits
35, 1
auth
auth.split.io/api/v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.split.io/api/v2/auth?users=default-init&users=6fd75fdb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.197.221.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-221-236.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://www.gopuff.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://www.gopuff.com
Connection
keep-alive
Content-Length
4
Content-Type
application/json; charset=utf-8
Date
Wed, 03 Apr 2024 16:42:25 GMT
Strict-Transport-Security
max-age=15770000; includeSubDomains
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
auth
auth.split.io/api/v2/ 		696 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://auth.split.io/api/v2/auth?users=default-init&users=6fd75fdb
Requested by
Host: assets.gopuff.com
URL: https://assets.gopuff.com/static/js/vendors.b8b78e3d.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.197.221.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-221-236.compute-1.amazonaws.com
Software
/
Resource Hash
56df8b8edf2da8c759fda51480743efb7deb92e3b2a763d4ab03689a69ea4d01
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
browserjs-0.13.1
Authorization
Bearer jatd6vk55urv1va5lu7meh8kl74tov9utb8l
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Apr 2024 16:42:25 GMT
Strict-Transport-Security
max-age=15770000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.gopuff.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
Content-Length
696
13d6e594-09ab-4790-b3e6-920da30fad22
sync.transcend.io/consent-manager/ Frame CAC0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.transcend.io/consent-manager/13d6e594-09ab-4790-b3e6-920da30fad22
Requested by
Host: cdn.transcend.io
URL: https://cdn.transcend.io/cm/13d6e594-09ab-4790-b3e6-920da30fad22/airgap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:a00:a:de49:b100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
44573
content-disposition
inline
content-length
363
content-type
application/xhtml+xml
date
Wed, 03 Apr 2024 04:19:33 GMT
etag
"896434dce3192e11213b4c6976f2fd31-1"
last-modified
Fri, 02 Feb 2024 20:07:04 GMT
server
AmazonS3
vary
Accept-Encoding Origin
via
1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-id
wTCD_PssbgjRODx85rl2OOjCdptXnUJ8P5826-mAKQhWoEkF6i17sg==
x-amz-cf-pop
PRG50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
fdHxffh5qBYjU8CbyCb.wUBZme_ye_Cd
x-cache
Hit from cloudfront
favicon.ico
www.gopuff.com/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.gopuff.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
23e7fee56c4a92d2afbd0d53dc0699e3c756eb445273e8f560752f4e907dbf61
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 16:42:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
x-powered-by
Express
x-dns-prefetch-control
off
x-envoy-upstream-service-time
8
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 03 Apr 2024 15:00:28 GMT
server
cloudflare
etag
W/"746-18ea479c6e0"
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
image/x-icon
vary
Accept-Encoding
cache-control
public, max-age=3600
cf-ray
86ea8304ce001c19-FRA
expires
Wed, 03 Apr 2024 17:42:25 GMT

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| env string| __SSR_REQUEST_ID__ string| __SSR_URL__ string| __SSR_UA__ undefined| __SSR_BREAKPOINT__ string| __SSR_ASSET_ORIGIN__ boolean| __SSR_CAPTCHA_REQ__ boolean| __SSR_SHOULD_HYDRATE__ undefined| __SSR_SPLIT_CACHE__ undefined| __URQL_DATA__ object| transcend object| __LOADABLE_LOADED_CHUNKS__ object| client number| __NUMBER_OF_JOTAI_INSTANCES__ function| _makeShareableClone function| _scheduleOnJS boolean| _WORKLET function| _log function| ExpoModulesCore_CodedError object| __react_navigation__elements_contexts object| REACT_NAVIGATION_DEVTOOLS object| _frameCallbackRegistry object| _frameTimestamp function| getUrqlCacheState boolean| __reactResponderSystemActive object| DD_LOGS object| DD_RUM

6 Cookies

Domain/Path Name / Value
.gopuff.com/ Name: __cf_bm
Value: aHzac.DirsJE373MqXroYQAguyL2LyHpS8lxaT1FDAY-1712162543-1.0.1.1-7CdR6DWDFb88wyUPM4PBcK4H0Z.tpeCibt844DNZcwYbPdnJdiUdaDI3nSWVawo0x7JnVkifoSy95LEcAZpCdA
www.gopuff.com/ Name: ajs_anonymous_id
Value: 6fd75fdb-622d-463f-8782-3d8a920835cf
www.gopuff.com/ Name: device_id
Value: 72ad55cd-7c9b-4ca8-8ac6-95e553295466
www.gopuff.com/ Name: session_id
Value: 3112fe85-57d8-475b-b4e5-c23f9ff62a19
www.gopuff.com/ Name: single_session_id
Value: 04b6ca87-0e7a-4cbf-8b71-7d9bb662273c
www.gopuff.com/ Name: _dd_s
Value: logs=1&id=8eb8101e-312d-4bef-97ee-7186cd62b4e8&created=1712162545263&expire=1712163445263

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.gopuff.com
auth.split.io
cdn.transcend.io
link.gopuff.com
sdk.split.io
sync.transcend.io
url5612.gopuff.com
www.gopuff.com
151.101.195.9
162.159.133.55
162.159.134.55
2600:9000:2127:5800:2:8531:afc0:93a1
2600:9000:2127:a00:a:de49:b100:93a1
44.197.221.236
52.186.45.66
161a0b1dca060855ebef3b5a60a7d650c6b03a14e1e9b164998d23dfdae9743b
16d438844902a7f496dd3828753e25a8086f221827f6337ee9bf13b10088ec89
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
22aee7ed1a0175101b07f0ff7a03d937058c87d67ea4d9a481261f699b782547
23e7fee56c4a92d2afbd0d53dc0699e3c756eb445273e8f560752f4e907dbf61
4773d3f865ec95711f99954be9fcf03713f7e415f8362f33a3483a31ed7d072d
56df8b8edf2da8c759fda51480743efb7deb92e3b2a763d4ab03689a69ea4d01
62624693b1d7b20ebf7dd49d6b58b21bdcc540890f64f0b62c0cd6476f5aa13e
6ecff75d04c051b11bbb0b45a365edc4593fcdaad0731a86ac52b493b1535cea
8027c912d6950893c3ec2256f5fd8fb8efa2eb2e85751c65c03d30da79cb8011
8260d10e68ab0038e16e40e1e0bb733a6d033c6a1e7f2eb114fd6f5a02dd9fd1
86d8988be7d324f8e2933b071bdc38f680045b26a2aaae2ab05c4727f23bc0af
8f9608374c44de6211f51a5c1194f022b3ad1b036c7052bdba37072ca41d97c9
a6beac3cfbad0626b8b494c0866c1179f1a5532c9ca35873570ba357341e5530
ad241cb4788cf90939d242295eff8fdb99d919b7905c1e6ec9249a7bbb59370d
b71c78f48d966d97622f74842bf72938f6a41609beee67dd5293bd2d06c7fbbf
bcc5af104ff102edcce64a02d95db5a44bd8d8e02599090e7c1b4a3d1b492c23
c3fffb58f3a0ebae4453b278ec79e494c937cb65d5560de5d4dc3cfbd9b70b25
c89b05d4abcd86a6561acce80988c2a84a2e10b05c8f0e4e89d9c1a6c78eb6b2
f431fcb4fb86d0de0007ac2598dca628426b49e495ebf1c4f3e794ed6210426d