thesandboxhanaleibay.buy-ondemand.com Open in urlscan Pro
23.99.12.114  Public Scan

Submitted URL: https://1hbcac3.l-it.us/
Effective URL: https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
Submission: On March 25 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 21 HTTP transactions. The main IP is 23.99.12.114, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is thesandboxhanaleibay.buy-ondemand.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 6th 2023. Valid for: a year.
This is the only time thesandboxhanaleibay.buy-ondemand.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2607:f8b0:400... 15169 (GOOGLE)
6 23.99.12.114 8075 (MICROSOFT...)
13 2603:1062:10:... 8075 (MICROSOFT...)
2 13.225.214.107 16509 (AMAZON-02)
21 4
Apex Domain
Subdomains
Transfer
13 rguest.com
ondemand-cdn-static-asset-prod-westus.rguest.com — Cisco Umbrella Rank: 595394
6 MB
6 buy-ondemand.com
thesandboxhanaleibay.buy-ondemand.com
24 KB
2 locize.io
api.locize.io — Cisco Umbrella Rank: 294785
27 KB
1 l-it.us
1hbcac3.l-it.us
153 B
0 Failed
function sub() { [native code] }. Failed
21 5
Domain Requested by
13 ondemand-cdn-static-asset-prod-westus.rguest.com thesandboxhanaleibay.buy-ondemand.com
ondemand-cdn-static-asset-prod-westus.rguest.com
6 thesandboxhanaleibay.buy-ondemand.com ondemand-cdn-static-asset-prod-westus.rguest.com
2 api.locize.io ondemand-cdn-static-asset-prod-westus.rguest.com
1 1hbcac3.l-it.us 1 redirects
0 truncated Failed
21 5

This site contains no links.

Subject Issuer Validity Valid
*.buy-ondemand.com
Entrust Certification Authority - L1K
2023-06-06 -
2024-06-24
a year crt.sh
ondemand-cdn-static-asset-prod-westus.rguest.com
DigiCert TLS RSA SHA256 2020 CA1
2023-11-03 -
2024-11-03
a year crt.sh
*.locize.app
Amazon RSA 2048 M01
2023-09-09 -
2024-10-07
a year crt.sh

This page contains 1 frames:

Primary Page: https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
Frame ID: A3955FB4C01CB88C6F78781974CF7301
Requests: 22 HTTP requests in this frame

Screenshot

Page Title

1 Hotel - Hanalei Bay Sandbox

Page URL History Show full URLs

  1. https://1hbcac3.l-it.us/ HTTP 301
    https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3 Page URL

Page Statistics

21
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

6488 kB
Transfer

15650 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://1hbcac3.l-it.us/ HTTP 301
    https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
thesandboxhanaleibay.buy-ondemand.com/
Redirect Chain
  • https://1hbcac3.l-it.us/
  • https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
9 KB
4 KB
Document
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6b508f2f53b70d769781668d6a47663bd350ab560a780f85a70c0eb01d574f5c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate, private
content-encoding
gzip
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-type
text/html; charset=utf-8
date
Mon, 25 Mar 2024 16:59:15 GMT
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin,accept-encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
x-frame-options
deny
x-xss-protection
1; mode=block

Redirect headers

content-length
253
content-type
text/html; charset=UTF-8
date
Mon, 25 Mar 2024 16:59:15 GMT
location
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
server
ghs
x-frame-options
SAMEORIGIN
x-xss-protection
0
app-c957db7d91d9192e2981.css
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
3 MB
826 KB
Stylesheet
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css
Requested by
Host: thesandboxhanaleibay.buy-ondemand.com
URL: https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ea9a1d1e8faf7e80c4355a14834125dfc5a300d828fc6d284afd0c4017c9ee83
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
08FvzZQAAAADPxbGJpKHtTpZp9xZYbnVPTU5aMjIxMDYwNjEyMDUxADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:16 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
4
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"2fe0d12efd1f925a1a3d0c8677698204a40e224f-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0ZK0BZgAAAADhuJzZyyd2Q4FRdxQZrBxuWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
app-bundle-59065667c94d1f291d03.js
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
8 MB
2 MB
Script
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Requested by
Host: thesandboxhanaleibay.buy-ondemand.com
URL: https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
530598ed8f550a8c6a91173e264bb4b55fa8f21964e71a524e7bed6a214ab438
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
00n/5ZQAAAACCYh95QfOQRaIQPPmRYAhJTU5aMjIxMDYwNjExMDA5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:16 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
9
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"4bad73bfee3d1b989f7d471cd047ccaab02db93d-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0ZK0BZgAAAAB50uHsz9ssRLoyHp2PQKNCWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
anonymous
thesandboxhanaleibay.buy-ondemand.com/api/login/
7 B
3 KB
XHR
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/api/login/anonymous
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:18-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 25 Mar 2024 16:59:18 GMT
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-token
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
x-envoy-upstream-service-time
231
content-length
7
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
x-frame-options
deny
vary
origin
refresh-token
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tcmVmcmVzaC10b2tlbiI6ImV5SmhiR2NpT2lKSVV6VXhNaUo5LmV5SnFkR2tpT2lKbE1XSTBNR000TVMwd1pXTmxMVFJoTUdZdFltRmtOeTA0TjJZNE9UTmhNemMzTkdJaUxDSjBiMnRsYmkxMGVYQmxJam9pVWtWR1VrVlRTQ0lzSW1Gd2FTMW5ZWFJsZDJGNUxYQnliMlIxWTNRaU9pSlNSMVZGVTFSZlFsVlpYMFpWVEV3aUxDSjBaVzVoYm5RdGFXUWlPaUl5TURJeUlpd2laWGh3YVhKaGRHbHZiaTFrWVhSbElqb3hOekV4TkRjeU16VTRNek0xZlEuamxvWF9wTU94NFp6SUlha2xsMmNmbzRSaU5GbXNGRGx2N25BRzhkMWNGSjljQ0o0UVY1VHQ1V0dXaGlYNXJfRzEyTFlrSUFpX014eVBXUzhyZlVhbmciLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTQ3MjM1OH0.B2YpTl2j9YT4Zqd1spsA8H54Vu8wEaXj_BI4zK7VVTMu4_R7aBqH3VU3HtOeYFoTI_-tLcIc1jV1axd6b4KqXQ
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, must-revalidate, private
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
0-678f6ebbec2ecf547061.css
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
21 KB
5 KB
Stylesheet
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/0-678f6ebbec2ecf547061.css
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6fc4f54c474148b9c2a2a6a2f4031dd88ca6daa5e8c379d8642cdd1590613715
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
0rHD3ZQAAAABHmkGHrUPpSINpOIbWc1PuTU5aMjIxMDYwNjEyMDI3ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:18 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
5
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"4cb2260fc0d60d01c5504e4cca1735933bebd37a-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0Zq0BZgAAAABcondLSAxPTa5POlO35vemWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
0-bundle-0f4357f56f1c9e812786.js
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
1 MB
174 KB
Script
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/0-bundle-0f4357f56f1c9e812786.js
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30f69c4449c42e8beccd4a517e700a862ffa05066aa9b5720fc732dd26775948
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
033/5ZQAAAABJj/BdDAaFRIq9altmebjoTU5aMjIxMDYwNjExMDIzADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:18 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
5
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"e1e8b9064d201a42d3d0268a4c3d672a31888ea5-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0Zq0BZgAAAAC5Tk5zFhacSK1nbptrG3tvWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
2-bundle-91758dc63387c733835b.js
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
76 KB
14 KB
Script
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/2-bundle-91758dc63387c733835b.js
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
52060cdfbb2290b54092eaab5c2f30f736e6028d560a7834066f692009a3c7e8
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
0h/r5ZQAAAACf5INbZ8plQ4tQjvNZaaYGTU5aMjIxMDYwNjExMDIxADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:18 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
3
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"738b547612970372965b2ae679541535ccc1eab5-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0Zq0BZgAAAAA/uybUxB13R5e/vRd8UXnMWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
3-bundle-0a9724da2ef2440c69eb.js
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
250 KB
48 KB
Script
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/3-bundle-0a9724da2ef2440c69eb.js
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54d1c287f932cad7ff182da34dd5e7e4ebe4223aaa12c2d443b3518b7a27236d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
06tX6ZQAAAAB3wBJehCDVSZe+xM5fjACBTU5aMjIxMDYwNjExMDUxADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:18 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
4
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"043e0ce40a2b9e400f7600fa3f63b8d882037849-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0Zq0BZgAAAADQxDqlQCvYQovKc0sFcY5WWVRPMjIxMDkwODIwMDI1ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
agilysys-icon-d4d803d5f5f166a21136c07d266fd006.ttf
ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/
256 KB
117 KB
Font
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/agilysys-icon-d4d803d5f5f166a21136c07d266fd006.ttf
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3acc573a80d88e155a6efd6488ec2f2f477496b00121cf206411f12509440fff
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-c957db7d91d9192e2981.css
Origin
https://thesandboxhanaleibay.buy-ondemand.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref-originshield
0s3P4ZQAAAACPVDvFqnxaTbC7up4/BTAPTU5aMjIxMDYwNjExMDE3ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
date
Mon, 25 Mar 2024 16:59:18 GMT
x-cache
TCP_HIT
x-envoy-upstream-service-time
3
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:44:31 GMT
etag
"c5ab8ed7eaba983f26065b9249cff894826f36ef-gzip"
vary
origin,accept-encoding
x-frame-options
deny
content-type
font/ttf
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0Zq0BZgAAAACvIQmC8COfQ4uS8cA3K4aoWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
accept-ranges
bytes
access-control-allow-headers
client_time, authorization
truncated
/
16 KB
16 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Request headers

Referer
Origin
https://thesandboxhanaleibay.buy-ondemand.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
font/woff2
config
thesandboxhanaleibay.buy-ondemand.com/api/
6 KB
4 KB
XHR
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/api/config
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aa108a9a4ca0729216438b9aadb936bc2cfac4e646b32aac2c405e6b5c52258e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:18-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Mar 2024 16:59:18 GMT
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
deny
vary
origin,accept-encoding
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate, private
x-envoy-upstream-service-time
5
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-xss-protection
1; mode=block
core
api.locize.io/838d5fce-27b5-4368-8c54-8fcb33577f9a/production/en/
109 KB
27 KB
XHR
General
Full URL
https://api.locize.io/838d5fce-27b5-4368-8c54-8fcb33577f9a/production/en/core
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-107.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b0ced938e83eeba34bfcbfa4ee43fffaf279b0bbd8fa58e5bf3d04014bf2c68c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
viIpaCyStOn8PeDrz06C32KNXjo1noOE
content-encoding
gzip
via
1.1 64142199656297b56ef863f9ccc0c102.cloudfront.net (CloudFront)
date
Mon, 25 Mar 2024 10:40:13 GMT
x-amz-cf-pop
EWR50-C1
age
22747
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 11 Mar 2024 20:00:28 GMT
server
AmazonS3
etag
W/"9046df7ce48d53018929babf7a85ad80"
access-control-max-age
300
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-cache
cache-control
public, stale-while-revalidate=8640, max-age=86400, s-maxage=43200
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
tcCdm5db2fO6JsPNa0xCqX5--S9GPzSlN1tJVjtXMhkfLexdq6IuDQ==
domain-thesandboxhanaleibay.buy-ondemand.com
api.locize.io/838d5fce-27b5-4368-8c54-8fcb33577f9a/production/en/
3 B
629 B
XHR
General
Full URL
https://api.locize.io/838d5fce-27b5-4368-8c54-8fcb33577f9a/production/en/domain-thesandboxhanaleibay.buy-ondemand.com
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-107.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
LP99qA9EAMLqCMMRUwJOQ5lo4sldS.Jg
date
Mon, 25 Mar 2024 16:59:20 GMT
via
1.1 64142199656297b56ef863f9ccc0c102.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
content-length
3
last-modified
Wed, 08 Apr 2020 15:53:18 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-max-age
300
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-cache
cache-control
public, must-revalidate, proxy-revalidate, max-age=0
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
N-DI1eaAT6vfGyKj8lI6WIJWJ7zbSSM1bBQS23UnHnCnbLajVQiCGg==
truncated
/
15 KB
15 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Request headers

Referer
Origin
https://thesandboxhanaleibay.buy-ondemand.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
font/woff2
closed_sign.png
thesandboxhanaleibay.buy-ondemand.com/static/assets/
2 KB
5 KB
Image
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/static/assets/closed_sign.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21a773458b1b75151f667e1afe7e5d9725421293eedc6574cff7e8c47b1fb318
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 25 Mar 2024 16:59:20 GMT
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time
2
content-length
2369
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 02 Mar 2024 11:40:10 GMT
etag
"001fcf3e45d06aa74459e04322190b1e2568d330"
x-frame-options
deny
vary
origin
content-type
image/png
cache-control
max-age=31536000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
accept-ranges
bytes
091918_1Hotel_HB_logo_BLACK__07.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
40 KB
42 KB
XHR
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/091918_1Hotel_HB_logo_BLACK__07.png
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4a74af885c998d4868f9477ac82e8818db768ca299d16b268c1dc2ee698bf80d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:19-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Mon, 25 Mar 2024 16:59:19 GMT
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
31
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
vary
origin
x-frame-options
deny
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0aK0BZgAAAAChS8mZRniSS4Sv6Hpt/baKWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
access-control-allow-headers
client_time, authorization
DESKTOP%20BACKGROUND__08.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
1 MB
1 MB
XHR
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/DESKTOP%20BACKGROUND__08.png
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
53d9c9c22fad10b1cca4b283b5d026dc897acbd75780cde25925427efa155a60
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:19-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Mon, 25 Mar 2024 16:59:19 GMT
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
72
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
vary
origin
x-frame-options
deny
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0aK0BZgAAAACqVzOAthwWS5E2Ts8PiXPyWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
access-control-allow-headers
client_time, authorization
2022
thesandboxhanaleibay.buy-ondemand.com/api/sites/
6 KB
4 KB
XHR
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/api/sites/2022
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
975c4f1078d69e9c301d193170ece87266b200a337eca2100f7cfdd6075f7cb1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:19-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Mar 2024 16:59:20 GMT
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
deny
vary
origin,accept-encoding
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate, private
x-envoy-upstream-service-time
46
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-xss-protection
1; mode=block
091918_1Hotel_HB_logo_BLACK__07.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
0
0
Preflight
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/091918_1Hotel_HB_logo_BLACK__07.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,client_time
Access-Control-Request-Method
GET
Origin
https://thesandboxhanaleibay.buy-ondemand.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-headers
client_time, authorization
access-control-allow-origin
*
cache-control
max-age=2592000
content-length
44
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-type
application/json; charset=utf-8
date
Mon, 25 Mar 2024 16:59:19 GMT
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
pragma
cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref
0Z60BZgAAAAB9fOSAxrxGRZVxBKTdFb4rWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
deny
x-xss-protection
1; mode=block
DESKTOP%20BACKGROUND__08.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
0
0
Preflight
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/DESKTOP%20BACKGROUND__08.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,client_time
Access-Control-Request-Method
GET
Origin
https://thesandboxhanaleibay.buy-ondemand.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-headers
client_time, authorization
access-control-allow-origin
*
cache-control
max-age=2592000
content-length
44
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-type
application/json; charset=utf-8
date
Mon, 25 Mar 2024 16:59:19 GMT
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
pragma
cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref
0Z60BZgAAAAD7+kZ1iAQxQIDOu/R9TQoWWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
deny
x-xss-protection
1; mode=block
getKitchenLeadTimesForHomePage
thesandboxhanaleibay.buy-ondemand.com/api/sites/2022/
289 B
2 KB
XHR
General
Full URL
https://thesandboxhanaleibay.buy-ondemand.com/api/sites/2022/getKitchenLeadTimesForHomePage
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.99.12.114 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e4d39530c08e37717fa557eae0d35197c43e8eb830421fd386f6dca32eeda96d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:20-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/?Cabana=C3
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 25 Mar 2024 16:59:20 GMT
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
deny
vary
origin
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate, private
x-envoy-upstream-service-time
144
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
content-length
289
x-xss-protection
1; mode=block
DESKTOP%20BACKGROUND__08.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
1 MB
1 MB
XHR
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/DESKTOP%20BACKGROUND__08.png
Requested by
Host: ondemand-cdn-static-asset-prod-westus.rguest.com
URL: https://ondemand-cdn-static-asset-prod-westus.rguest.com/static/assets/build/app-bundle-59065667c94d1f291d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
client_time
2024-03-25T06:59:20-10:00
Referer
https://thesandboxhanaleibay.buy-ondemand.com/
accept-language
en-US,en;q=0.9
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnQtaWQiOiIyMDIyIiwicGxhdGZvcm0tYWNjZXNzLXRva2VuIjoiZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKcWRHa2lPaUpoTnpaaVpEQTROaTB6TVRoaExUUXlaR0V0WW1ObU5TMDVaV0kyWTJVMk5UUXpOMlVpTENKMGIydGxiaTEwZVhCbElqb2lRVU5EUlZOVElpd2lZWEJwTFdkaGRHVjNZWGt0Y0hKdlpIVmpkQ0k2SWxKSFZVVlRWRjlDVlZsZlJsVk1UQ0lzSW5SbGJtRnVkQzFwWkNJNklqSXdNaklpTENKbGVIQnBjbUYwYVc5dUxXUmhkR1VpT2pFM01URXpPRGsxTlRnek16VjkucFZOQkdxcHM5TXJRZVYzdFROM2ZzblhpNGFPbzVRcEljcXdjSEVQVUxLblZnLTNsX0xxQlBBQ05USXdnQmdOUTlXcVNyWWc3b204WldyTWdRM1BtbUEiLCJpYXQiOjE3MTEzODU5NTgsImV4cCI6MTcxMTM4Nzc1OH0.Er_FlpUodaT34EMosYzUiHeFrlnUfLlwYfYQFFhMPn5odte0p0x5bk6Er8oyrux9TvMeroRYsDjkqZ7KsmzUTA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Mon, 25 Mar 2024 16:59:20 GMT
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
127
x-xss-protection
1; mode=block
pragma
cache
referrer-policy
strict-origin-when-cross-origin
vary
origin
x-frame-options
deny
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
x-azure-ref
0aK0BZgAAAABaHRfN8xKcTJj0BhARWdHvWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
access-control-allow-headers
client_time, authorization
DESKTOP%20BACKGROUND__08.png
ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/
0
0
Preflight
General
Full URL
https://ondemand-cdn-static-asset-prod-westus.rguest.com//api/image/2022/c8bff706-33c4-45fa-9fbd-90f940d0fe86/DESKTOP%20BACKGROUND__08.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1062:10:25::1 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,client_time
Access-Control-Request-Method
GET
Origin
https://thesandboxhanaleibay.buy-ondemand.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-headers
client_time, authorization
access-control-allow-origin
*
cache-control
max-age=2592000
content-length
44
content-security-policy
default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
content-type
application/json; charset=utf-8
date
Mon, 25 Mar 2024 16:59:20 GMT
permissions-policy
geolocation=(self), microphone=(self), camera=(self), fullscreen=(self), payment=(self "https://js.stripe.com" "https://*.freedompay.com" "https://*.google.com" "https://*.shift4test.com" "https://*.i4go.com" "https://*.easypay.co.kr")
pragma
cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref
0aK0BZgAAAACxX8g+lInKRpsAwv44rGXYWVRPMjIxMDkwODE5MDI5ADU5Mzk0MjQ3LTdlZmQtNDcxOS05ODMxLTdiOGRmZTRkMDA2Mg==
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
deny
x-xss-protection
1; mode=block
truncated
/
40 KB
40 KB
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a74af885c998d4868f9477ac82e8818db768ca299d16b268c1dc2ee698bf80d

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| BASE_PATH function| computeFavFn function| computeBaseFn object| app_css function| LOAD_RESOURCES object| globalEnv string| resourceBasePath object| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill boolean| _muiLoadedJS object| mui object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ function| _ number| 2f1acc6c3a606b082e5eef5e54414ffb

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.cardinalcommerce.com *.google.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; font-src 'self' data: *.gstatic.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; img-src 'self' data: *.gstatic.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; script-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.cardinalcommerce.com *.cookielaw.org *.googleapis.com *.freedompay.com *.cardinalcommerce.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.net *.stripe.com *.nr-data.net *.fontawesome.com *.pingdom.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.cookielaw.org; style-src 'self' 'unsafe-inline' *.dcap.com *.shift4test.com *.i4go.com *.googleapis.com *.fontawesome.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg; connect-src 'self' *.dcap.com *.shift4test.com *.i4go.com *.google.com google.com *.cardinalcommerce.com *.google-analytics.com *.facebook.com *.disneylandparis.com *.disney.com *.locize.io *.nr-data.net *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.fontawesome.com *.rguest.eu *.pingdom.net *.onetrust.com *.cookielaw.org; frame-ancestors 'self' *.istay.io *.dcap.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; form-action 'self' *.dcap.com *.facebook.com *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; frame-src 'self' intent: *.naver.com *.dcap.com *.samsung.com *.hyundaicard.com *.hanacard.co.kr *.vpay.co.kr *.wooricard.com *.kbcard.com *.nonghyup.com *.lottecard.co.kr *.samsungcard.co.kr *.citibank.co.kr *.kakao.com *.facebook.com *.shift4test.com *.i4go.com *.easypay.co.kr *.cardinalcommerce.com *.alipaydev.com *.alipay.com *.citconpay.com *.hospitalityrevolution.com *.rguest.com *.rguest.eu *.rguest.sg *.google.com *.stripe.com *.windcave.com *.rguest.eu *.alipay.com *.cybersource.com *.freedompay.com; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1hbcac3.l-it.us
api.locize.io
ondemand-cdn-static-asset-prod-westus.rguest.com
thesandboxhanaleibay.buy-ondemand.com
truncated
truncated
13.225.214.107
23.99.12.114
2603:1062:10:25::1
2607:f8b0:4006:809::2013
21a773458b1b75151f667e1afe7e5d9725421293eedc6574cff7e8c47b1fb318
30f69c4449c42e8beccd4a517e700a862ffa05066aa9b5720fc732dd26775948
3acc573a80d88e155a6efd6488ec2f2f477496b00121cf206411f12509440fff
4a74af885c998d4868f9477ac82e8818db768ca299d16b268c1dc2ee698bf80d
52060cdfbb2290b54092eaab5c2f30f736e6028d560a7834066f692009a3c7e8
530598ed8f550a8c6a91173e264bb4b55fa8f21964e71a524e7bed6a214ab438
53d9c9c22fad10b1cca4b283b5d026dc897acbd75780cde25925427efa155a60
54d1c287f932cad7ff182da34dd5e7e4ebe4223aaa12c2d443b3518b7a27236d
6b508f2f53b70d769781668d6a47663bd350ab560a780f85a70c0eb01d574f5c
6fc4f54c474148b9c2a2a6a2f4031dd88ca6daa5e8c379d8642cdd1590613715
975c4f1078d69e9c301d193170ece87266b200a337eca2100f7cfdd6075f7cb1
aa108a9a4ca0729216438b9aadb936bc2cfac4e646b32aac2c405e6b5c52258e
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0ced938e83eeba34bfcbfa4ee43fffaf279b0bbd8fa58e5bf3d04014bf2c68c
c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
e4d39530c08e37717fa557eae0d35197c43e8eb830421fd386f6dca32eeda96d
ea9a1d1e8faf7e80c4355a14834125dfc5a300d828fc6d284afd0c4017c9ee83
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615