alfred.buy-ondemand.com Open in urlscan Pro
23.99.12.114 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://alfred.buy-ondemand.com/
Effective URL:
https://alfred.buy-ondemand.com/
Submission: On April 21 via api (April 21st 2024, 11:54:21 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 23.99.12.114, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is alfred.buy-ondemand.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 6th 2023. Valid for: a year.

This is the only time alfred.buy-ondemand.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	23.99.12.114 23.99.12.114	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	2620:1ec:46::64 2620:1ec:46::64	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	3

4 23.99.12.114 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

alfred.buy-ondemand.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:1ec:46::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ondemand-cdn-static-asset-prod-westus.rguest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	rguest.com ondemand-cdn-static-asset-prod-westus.rguest.com — Cisco Umbrella Rank: 327854	3 MB
4	buy-ondemand.com alfred.buy-ondemand.com	31 KB
14	2

	Domain	Requested by
8	ondemand-cdn-static-asset-prod-westus.rguest.com	alfred.buy-ondemand.com ondemand-cdn-static-asset-prod-westus.rguest.com
4	alfred.buy-ondemand.com	ondemand-cdn-static-asset-prod-westus.rguest.com
14	2

This site contains no links.

Subject Issuer	Validity	Valid
*.buy-ondemand.com Entrust Certification Authority - L1K	`2023-06-06` - `2024-06-24`	a year	crt.sh
ondemand-cdn-static-asset-prod-westus.rguest.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-03` - `2024-11-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://alfred.buy-ondemand.com/
Frame ID: AB224E665A22E397FB4B4DA96BA10DCE
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://alfred.buy-ondemand.com/ HTTP 307
https://alfred.buy-ondemand.com/ Page URL

Page Statistics

14
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

3462 kB
Transfer

12673 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://alfred.buy-ondemand.com/ HTTP 307
https://alfred.buy-ondemand.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
alfred.buy-ondemand.com/
Redirect Chain

http://alfred.buy-ondemand.com/
https://alfred.buy-ondemand.com/

9 KB
4 KB

622ms
197ms

Document
text/html

23.99.12.114
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://alfred.buy-ondemand.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9a106d1cc998f388d4b6a9e618feefca79ace6bd9a76481e9fe0ab97a1f14f56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate, private
content-encoding: gzip
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-type: text/html; charset=utf-8
date: Sun, 21 Apr 2024 23:54:15 GMT
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin,accept-encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-frame-options: deny
x-xss-protection: 1; mode=block

Redirect headers

Location: https://alfred.buy-ondemand.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 app-c957db7d91d9192e2981.css
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 3 MB
829 KB 1360ms
1144ms Stylesheet
text/css 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css

Requested by

Host: alfred.buy-ondemand.com
URL: https://alfred.buy-ondemand.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ea9a1d1e8faf7e80c4355a14834125dfc5a300d828fc6d284afd0c4017c9ee83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:17 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 5
x-fd-int-roxy-purgeid: 49673053
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "2fe0d12efd1f925a1a3d0c8677698204a40e224f-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: text/css; charset=utf-8
x-azure-ref: 20240421T235416Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv5u
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 app-bundle-d2be408d99ef3513051e.js Show response
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 8 MB
2 MB 1358ms
1144ms Script
application/javascript 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Requested by

Host: alfred.buy-ondemand.com
URL: https://alfred.buy-ondemand.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cafdf7302f4a4919ebb0725c8292c0b6a478acb5315d7a9fac921905993c12f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:17 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 4
x-fd-int-roxy-purgeid: 49673053
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "ef73d5ccf7e36a0ace65570c9234b0108aa92b98-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/javascript; charset=utf-8
x-azure-ref: 20240421T235416Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv5v
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

PUT
H2 200 anonymous Show response
alfred.buy-ondemand.com/api/login/ 7 B
3 KB 605ms
604ms XHR
text/html 23.99.12.114
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://alfred.buy-ondemand.com/api/login/anonymous

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
client_time: 2024-04-22T01:54:18+02:00
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://alfred.buy-ondemand.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:18 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMTA3IiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUkwTkRGaVpETTBPUzA0TTJNMkxUUmlaV010WWpVd01pMDFNV05pWWpFek5XSmlaamNpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXhNRGNpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01UTTNORGN5TlRnM09EbDkuMm0ySFRjWXpLSXRmZVgwZmxndHRSaWg1R3VDcTdTQ1ZmNS1mQlhRVFB2ZTBDREN1ZFB5ZndkMktacTdZVE5WT29RSy1GMGotQktHT216eGFzeEtmYVEiLCJpYXQiOjE3MTM3NDM2NTgsImV4cCI6MTcxMzc0NTQ1OH0.vQJfeYIDLd9Naw86vqoCccmPv_9Zuz6b9CLRZnXue_MyzWbpxpHa1nP2yCwDaWlyWGvySKx2qD8GF5rLe2L0UQ
x-envoy-upstream-service-time: 276
content-length: 7
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
vary: origin
refresh-token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMTA3IiwicGxhdGZvcm0tcmVmcmVzaC10b2tlbiI6ImV5SmhiR2NpT2lKSVV6VXhNaUo5LmV5SnFkR2tpT2lKbVptSTVNV1kyTUMwNFlUaGxMVFF6TVRrdFlUazFOUzFtWkRjNE9XWTVNakkxTVRBaUxDSjBiMnRsYmkxMGVYQmxJam9pVWtWR1VrVlRTQ0lzSW1Gd2FTMW5ZWFJsZDJGNUxYQnliMlIxWTNRaU9pSlNSMVZGVTFSZlFsVlpYMFpWVEV3aUxDSjBaVzVoYm5RdGFXUWlPaUl5TVRBM0lpd2laWGh3YVhKaGRHbHZiaTFrWVhSbElqb3hOekV6T0RNd01EVTROemc1ZlEuRGxTempnMlo3TTIwOHF1SWdJQkRmTjRZZE96Rks3bDgzemZvaFdrRm5yYUxGR0xscm5PZGFsbDYzZHJHaUlnc2RQSXlZVFBaSGxDYTNuWjdMYnBrSVEiLCJpYXQiOjE3MTM3NDM2NTgsImV4cCI6MTcxMzgzMDA1OH0.oSzAEierxeURJGbHxcs3Vv2tF4SG8txrttIlIIKxcmF1Ekl-gtpnP6yvKq7-ICAiYkU91cONxaWBtscZf0kmvw
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, private
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")

GET
H2 200 favicon
alfred.buy-ondemand.com/api/image/ 17 KB
19 KB 243ms
243ms Other
image/jpeg 23.99.12.114
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://alfred.buy-ondemand.com/api/image/favicon

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f407454135a3083b93c69bd31c2bd9b9ba7f84a067d121cb1348222ed7d824ca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-envoy-upstream-service-time: 49
content-disposition: attachment; filename=favicon.ico
x-xss-protection: 1; mode=block
x-request-id: 4365870123@
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
vary: origin
content-type: image/jpeg
cache-control: no-transform,max-age=31536000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
expires: 0

GET
H2 200 1-678f6ebbec2ecf547061.css
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 21 KB
5 KB 708ms
707ms Stylesheet
text/css 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/1-678f6ebbec2ecf547061.css

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6fc4f54c474148b9c2a2a6a2f4031dd88ca6daa5e8c379d8642cdd1590613715

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:19 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 2
x-fd-int-roxy-purgeid: 0
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "4cb2260fc0d60d01c5504e4cca1735933bebd37a-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: text/css; charset=utf-8
x-azure-ref: 20240421T235419Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv9r
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 1-bundle-2be737c462729bc36745.js Show response
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 1 MB
176 KB 1026ms
1025ms Script
application/javascript 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/1-bundle-2be737c462729bc36745.js

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9d38fa3f2ada9535d36b2739402da369fe6344561bf8e8df47250f72cb31b8d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:20 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 4
x-fd-int-roxy-purgeid: 49673053
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "a5f003307bcb8b0154e2a0d82a587ed513d0ebcd-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/javascript; charset=utf-8
x-azure-ref: 20240421T235419Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv9s
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 0-bundle-23e0a653f562ed10bcbf.js Show response
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 21 KB
7 KB 669ms
669ms Script
application/javascript 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/0-bundle-23e0a653f562ed10bcbf.js

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

69d5588aad75f2ae343f9d406b6f07039e370a0d7994fc3862e0842c9a4e7256

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:19 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 7
x-fd-int-roxy-purgeid: 0
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "830f50a04478cde8a0134244f326280813ab2df6-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/javascript; charset=utf-8
x-azure-ref: 20240421T235419Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv9t
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 3-bundle-fc3d51a3f5d450cc5ff3.js Show response
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 76 KB
16 KB 844ms
844ms Script
application/javascript 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/3-bundle-fc3d51a3f5d450cc5ff3.js

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9db483439643c5d4f79225682e80fb3c6fe281ddc155567952dd31cdacd7de83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:19 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 14
x-fd-int-roxy-purgeid: 49673053
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "feef121f74a9ec88d171d3655775a2429742d99d-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/javascript; charset=utf-8
x-azure-ref: 20240421T235419Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv9u
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 4-bundle-c1b204d1f65ddb48df60.js Show response
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 251 KB
48 KB 985ms
985ms Script
application/javascript 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/4-bundle-c1b204d1f65ddb48df60.js

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

69f90bd73e00103c7d0173e4ad56da2501268d99472625e1f7adc740266027de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://alfred.buy-ondemand.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:20 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 9
x-fd-int-roxy-purgeid: 0
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "aa02334dd96f6449a9228dc00a841cdba68e6e78-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/javascript; charset=utf-8
x-azure-ref: 20240421T235419Z-15ff4544644sjlxnw1m8dev1zg000000042000000000qv9v
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
H2 200 agilysys-icon-d4d803d5f5f166a21136c07d266fd006.ttf
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/ 256 KB
117 KB 1273ms
1148ms Font
font/ttf 2620:1ec:46::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/agilysys-icon-d4d803d5f5f166a21136c07d266fd006.ttf

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3acc573a80d88e155a6efd6488ec2f2f477496b00121cf206411f12509440fff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css
Origin: https://alfred.buy-ondemand.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 21 Apr 2024 23:54:20 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-cache: TCP_MISS
x-envoy-upstream-service-time: 4
x-fd-int-roxy-purgeid: 49673053
x-xss-protection: 1; mode=block
pragma: cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Apr 2024 14:56:28 GMT
etag: "c5ab8ed7eaba983f26065b9249cff894826f36ef-gzip"
x-frame-options: deny
vary: origin,accept-encoding
content-type: font/ttf
x-azure-ref: 20240421T235419Z-15ff45446442lt584u2re8p24000000001h0000000003qqc
access-control-allow-origin: *
cache-control: max-age=2592000
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
access-control-allow-headers: client_time, authorization

GET
DATA 200
OK truncated
/ 16 KB
16 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Request headers

Referer
Origin: https://alfred.buy-ondemand.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 config Show response
alfred.buy-ondemand.com/api/ 5 KB
4 KB 203ms
202ms XHR
application/json 23.99.12.114
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://alfred.buy-ondemand.com/api/config

Requested by

Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-d2be408d99ef3513051e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a3da0a0cd882c7f7e5bde72efd7a13b325af65d236fd370deebbbc4146dfdaa6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
client_time: 2024-04-22T01:54:20+02:00
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMTA3IiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUkwTkRGaVpETTBPUzA0TTJNMkxUUmlaV010WWpVd01pMDFNV05pWWpFek5XSmlaamNpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXhNRGNpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01UTTNORGN5TlRnM09EbDkuMm0ySFRjWXpLSXRmZVgwZmxndHRSaWg1R3VDcTdTQ1ZmNS1mQlhRVFB2ZTBDREN1ZFB5ZndkMktacTdZVE5WT29RSy1GMGotQktHT216eGFzeEtmYVEiLCJpYXQiOjE3MTM3NDM2NTgsImV4cCI6MTcxMzc0NTQ1OH0.vQJfeYIDLd9Naw86vqoCccmPv_9Zuz6b9CLRZnXue_MyzWbpxpHa1nP2yCwDaWlyWGvySKx2qD8GF5rLe2L0UQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://alfred.buy-ondemand.com/
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 21 Apr 2024 23:54:20 GMT
content-security-policy: default-src 'self' *.adobedtm.com *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.demdex.net *.adobedtm.com *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: deny
vary: origin,accept-encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, private
x-envoy-upstream-service-time: 7
permissions-policy: geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-xss-protection: 1; mode=block

GET /
alfred.buy-ondemand.com/api/locize/language/en/ns/core/ 0
0

GET /
alfred.buy-ondemand.com/api/locize/language/en/ns/domain-alfred.buy-ondemand.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: alfred.buy-ondemand.com
URL: https://alfred.buy-ondemand.com/api/locize/language/en/ns/core/?projectId=838d5fce-27b5-4368-8c54-8fcb33577f9a&version=production

Domain: alfred.buy-ondemand.com
URL: https://alfred.buy-ondemand.com/api/locize/language/en/ns/domain-alfred.buy-ondemand.com/?projectId=838d5fce-27b5-4368-8c54-8fcb33577f9a&version=production

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .adobedtm.com .cardinalcommerce.com .google.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; font-src 'self' data: .gstatic.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; img-src 'self' data: .gstatic.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; script-src 'self' 'unsafe-inline' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .cardinalcommerce.com .cookielaw.org .googleapis.com .freedompay.com .cardinalcommerce.com .google-analytics.com .googletagmanager.com .google.com .facebook.net .stripe.com .nr-data.net .fontawesome.com .pingdom.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .cookielaw.org; style-src 'self' 'unsafe-inline' .dcap.com .shift4test.com .i4go.com .googleapis.com .fontawesome.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg; connect-src 'self' .demdex.net .adobedtm.com .dcap.com .shift4test.com .i4go.com .google.com google.com .cardinalcommerce.com .google-analytics.com .facebook.com .disneylandparis.com .disney.com .locize.io .nr-data.net .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .fontawesome.com .rguest.eu .pingdom.net .onetrust.com .cookielaw.org; frame-ancestors 'self' .istay.io .dcap.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; form-action 'self' .dcap.com .facebook.com .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com .freedompay.com; frame-src 'self' intent: .naver.com .dcap.com .samsung.com .hyundaicard.com .hanacard.co.kr .vpay.co.kr .wooricard.com .kbcard.com .nonghyup.com .lottecard.co.kr .samsungcard.co.kr .citibank.co.kr .kakao.com .facebook.com .shift4test.com .i4go.com .easypay.co.kr .cardinalcommerce.com .alipaydev.com .alipay.com .citconpay.com .hospitalityrevolution.com .rguest.com .rguest.eu .rguest.sg .google.com .stripe.com .windcave.com .rguest.eu .alipay.com .cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alfred.buy-ondemand.com
ondemand-cdn-static-asset-prod-westus.rguest.com
alfred.buy-ondemand.com
23.99.12.114
2620:1ec:46::64
3acc573a80d88e155a6efd6488ec2f2f477496b00121cf206411f12509440fff
69d5588aad75f2ae343f9d406b6f07039e370a0d7994fc3862e0842c9a4e7256
69f90bd73e00103c7d0173e4ad56da2501268d99472625e1f7adc740266027de
6fc4f54c474148b9c2a2a6a2f4031dd88ca6daa5e8c379d8642cdd1590613715
9a106d1cc998f388d4b6a9e618feefca79ace6bd9a76481e9fe0ab97a1f14f56
9d38fa3f2ada9535d36b2739402da369fe6344561bf8e8df47250f72cb31b8d9
9db483439643c5d4f79225682e80fb3c6fe281ddc155567952dd31cdacd7de83
a3da0a0cd882c7f7e5bde72efd7a13b325af65d236fd370deebbbc4146dfdaa6
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf
cafdf7302f4a4919ebb0725c8292c0b6a478acb5315d7a9fac921905993c12f4
ea9a1d1e8faf7e80c4355a14834125dfc5a300d828fc6d284afd0c4017c9ee83
f407454135a3083b93c69bd31c2bd9b9ba7f84a067d121cb1348222ed7d824ca

alfred.buy-ondemand.com Open in urlscan Pro 23.99.12.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

14 Requests

86 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

3462 kBTransfer

12673 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

alfred.buy-ondemand.com Open in urlscan Pro
23.99.12.114 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

3462 kB
Transfer

12673 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions