hackerone.com Open in urlscan Pro
2606:4700::6810:6434 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hackerone.com/reports/793532
Submission: On August 14 via api (August 14th 2022, 10:58:05 pm UTC) from US — Scanned from DE

Summary HTTP 52 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 52 HTTP transactions. The main IP is 2606:4700::6810:6434, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com. The Cisco Umbrella rank of the primary domain is 94038.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 21st 2022. Valid for: a year.

This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2606:4700::68... 2606:4700::6810:6434	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ea35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:205... 2600:9000:2057:1c00:4:4c7d:87c0:93a1	16509 (AMAZON-02) (AMAZON-02)
52	5

44 2606:4700::6810:6434 (United States)

ASN13335 (CLOUDFLARENET, US)

hackerone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ea35 (United States)

ASN13335 (CLOUDFLARENET, US)

errors.hackerone.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:1c00:4:4c7d:87c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

profile-photos.hackerone-user-content.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	hackerone.com hackerone.com — Cisco Umbrella Rank: 94038	2 MB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	21 KB
2	hackerone-user-content.com profile-photos.hackerone-user-content.com — Cisco Umbrella Rank: 548591	17 KB
1	hackerone.net errors.hackerone.net — Cisco Umbrella Rank: 794947	574 B
52	4

	Domain	Requested by
44	hackerone.com	hackerone.com
3	www.google-analytics.com	hackerone.com www.google-analytics.com
2	profile-photos.hackerone-user-content.com
1	errors.hackerone.net	hackerone.com
52	4

This site contains links to these domains. Also see Links.

Domain
www.hackerone.com
docs.hackerone.com
www.facebook.com
twitter.com
www.linkedin.com
news.ycombinator.com
www.reddit.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com

Subject Issuer	Validity	Valid
hackerone.com DigiCert SHA2 Extended Validation Server CA	`2022-02-21` - `2023-03-24`	a year	crt.sh
errors.hackerone.net DigiCert SHA2 Extended Validation Server CA	`2022-01-12` - `2023-02-12`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
profile-photos.hackerone-user-content.com Amazon	`2022-05-16` - `2023-06-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/793532
Frame ID: 4616B1450E391C18A8D115269E3F9803
Requests: 53 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

#793532 Email Spoofing

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

52
Requests

96 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

2123 kB
Transfer

6094 kB
Size

7
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hackerone.com/solutions/vulnerability-management-system
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/cloud-security-solution
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/solutions/application-security-testing-software
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/security-incident
Title: Contacted by a hacker?

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/overview
Title: Platform Overview

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/bug-bounty-platform
Title: HackerOne Bounty

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/response-vulnerability-disclosure-program
Title: HackerOne Response

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/security-assessments
Title: HackerOne Assessments

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/insights
Title: HackerOne Insights

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/services
Title: HackerOne Services

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/product/pentest
Title: HackerOne Pentests

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners
Title: Partner Overview

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners/integrations
Title: Integrations

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/partners/aws
Title: AWS

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/company
Title: About us

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/leadership
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/trust
Title: Trust

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/press
Title: Press

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/press-archive
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hackers
Title: Hackers

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hackers/hacker101
Title: Hacker101

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hacktivity
Title: Hacktivity

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/leaderboard
Title: Leaderboard

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hacktivitycon
Title: h@cktivitycon

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/resources
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://docs.hackerone.com/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/security-at
Title: Security@Conference

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/vulnerability-and-security-testing-blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/application-security
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/ethical-hacker
Title: Ethical Hacker

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/penetration-testing
Title: Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/security-compliance
Title: Security Compliance

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/blog/category/vulnerability-management
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fhackerone.com%2Freports%2F793532

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fhackerone.com%2Freports%2F793532&text=Email%20Spoofing

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fhackerone.com%2Freports%2F793532

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fhackerone.com%2Freports%2F793532&t=Email%20Spoofing

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fhackerone.com%2Freports%2F793532&title=Email%20Spoofing

Search URL Search Domain Scan URL

URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/NKei4U2X61U5ms6NKBZFpLhX?response-content-disposition=attachment%3B%20filename%3D%22NextcloudSPF.png%22%3B%20filename%2A%3DUTF-8%27%27NextcloudSPF.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ3WUASTDC%2F20220814%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20220814T225759Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEQaCXVzLXdlc3QtMiJHMEUCIQDMllUMLMF8DikeMXngrQSWxYBLFXPClemQukyJNAQFWgIgCXChfH7KHPCQTwDh9urGbFqctcpCt58taeQiMTBrGQoq2wQIrf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARADGgwwMTM2MTkyNzQ4NDkiDMgzwrx0jSZTVSAT0yqvBAlyYwactaFHApkM18zFIlyCMmqqx4BRhCO5ytOaF2gyg%2F%2BQ3UNhl2yy2EvrVaPjR%2F8GzvX%2Fcuqbd1SamqKxnuVlMEkjITDlLds1AYieXMbwipykvhzPf9Gig0P%2FcVoeSN2pljtBzW%2BNBf6uz8m8aLQSxgDNPk2ZzhArCCSquON8C0%2Fg7YUgYHT8hIEJkvV%2FvQKE0qqnr%2B%2FItrNwL0UrtnfEosA%2BTsHBH3CelcbTdZETYFLAWAIcDpnQTmx1%2FZRdwV41vZXTBF13X9ETdBSnfNqQO%2BMwIaC%2BPRn9pnVse89WVvlaIcj3xj5o3lq6E59pUp6CPgDmS%2F71QXtDG6oeaLaxf%2FHkwmYwPsAmsjb2nmRwVL9VFtraEi8Ivze5qzLfyXcAzU%2BYCDe3K1p9lZX%2BndH435gHkjQ2SvUuZjoYMVxVRpMPmf5DoyR1s2SQdcoYbz74QzgTFt%2F7jH7gPxbiYXvuouy22NZybNolRxnuykMwy2dQdJMmqoBO%2B19ISrllV8nfy1kn25YEz4riGAxv1Etm%2FJQnrcpIIIlDwuVXqIQZoEAsXhccRQbH1xMoZyF4RTzYGK3jBcbs%2BbwUKmegY4wDx90ptGl9fKgKCKQ7Z04q5122oLw9KK%2BDHyt92T1M3yuAFrwBno3qfQpJ00WaJXqmxT1zxrjuW%2Fsp8wCUunKrdXOqREebnmVlUAiyeW4GzmummlWY8tq4uSeHeeM0t3EzZsFpsdmG%2FTn%2FI3Xy9sQwna7llwY6qQEXFGXImPWpo56lLwBECEyUW%2BIKxF9%2BAZFW6hO6w95dflTUxmJ42%2Fbiz0I9TFclRsPe%2B4b4m1us%2FUs89mT%2F9zknxv9t2Atdg5uEJdnanhCUDi58W7PKgpRIX7gErA0jteIn80M6af2PjljYr7DDUOyOEnJQkNVLH%2BSRGwZCAUSFghUa%2FGYiQbNwzVpK5MXa2gneH5ojmwirorSdLXFg6uysJpS%2B5iiRZ%2FQU&X-Amz-SignedHeaders=host&X-Amz-Signature=8ed6bef67139747ea64f3063f9b165a757ed2d225721220691d1781d760d05b0
Title: NextcloudSPF.png

Search URL Search Domain Scan URL

URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/7JSsverKgmdC3Z295AjaQxuZ?response-content-disposition=attachment%3B%20filename%3D%22NextcloudDMARC.png%22%3B%20filename%2A%3DUTF-8%27%27NextcloudDMARC.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ3WUASTDC%2F20220814%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20220814T225759Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEQaCXVzLXdlc3QtMiJHMEUCIQDMllUMLMF8DikeMXngrQSWxYBLFXPClemQukyJNAQFWgIgCXChfH7KHPCQTwDh9urGbFqctcpCt58taeQiMTBrGQoq2wQIrf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARADGgwwMTM2MTkyNzQ4NDkiDMgzwrx0jSZTVSAT0yqvBAlyYwactaFHApkM18zFIlyCMmqqx4BRhCO5ytOaF2gyg%2F%2BQ3UNhl2yy2EvrVaPjR%2F8GzvX%2Fcuqbd1SamqKxnuVlMEkjITDlLds1AYieXMbwipykvhzPf9Gig0P%2FcVoeSN2pljtBzW%2BNBf6uz8m8aLQSxgDNPk2ZzhArCCSquON8C0%2Fg7YUgYHT8hIEJkvV%2FvQKE0qqnr%2B%2FItrNwL0UrtnfEosA%2BTsHBH3CelcbTdZETYFLAWAIcDpnQTmx1%2FZRdwV41vZXTBF13X9ETdBSnfNqQO%2BMwIaC%2BPRn9pnVse89WVvlaIcj3xj5o3lq6E59pUp6CPgDmS%2F71QXtDG6oeaLaxf%2FHkwmYwPsAmsjb2nmRwVL9VFtraEi8Ivze5qzLfyXcAzU%2BYCDe3K1p9lZX%2BndH435gHkjQ2SvUuZjoYMVxVRpMPmf5DoyR1s2SQdcoYbz74QzgTFt%2F7jH7gPxbiYXvuouy22NZybNolRxnuykMwy2dQdJMmqoBO%2B19ISrllV8nfy1kn25YEz4riGAxv1Etm%2FJQnrcpIIIlDwuVXqIQZoEAsXhccRQbH1xMoZyF4RTzYGK3jBcbs%2BbwUKmegY4wDx90ptGl9fKgKCKQ7Z04q5122oLw9KK%2BDHyt92T1M3yuAFrwBno3qfQpJ00WaJXqmxT1zxrjuW%2Fsp8wCUunKrdXOqREebnmVlUAiyeW4GzmummlWY8tq4uSeHeeM0t3EzZsFpsdmG%2FTn%2FI3Xy9sQwna7llwY6qQEXFGXImPWpo56lLwBECEyUW%2BIKxF9%2BAZFW6hO6w95dflTUxmJ42%2Fbiz0I9TFclRsPe%2B4b4m1us%2FUs89mT%2F9zknxv9t2Atdg5uEJdnanhCUDi58W7PKgpRIX7gErA0jteIn80M6af2PjljYr7DDUOyOEnJQkNVLH%2BSRGwZCAUSFghUa%2FGYiQbNwzVpK5MXa2gneH5ojmwirorSdLXFg6uysJpS%2B5iiRZ%2FQU&X-Amz-SignedHeaders=host&X-Amz-Signature=98e116e74772dee376b3feac78e60b36f1474dcf2f6101b491a1e4ed7459c2f1
Title: NextcloudDMARC.png

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 793532 Show response
hackerone.com/reports/ 4 KB
3 KB 384ms
267ms Document
text/html 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0e987468d82fcca8c058d10924b7baebdf23a7693c4d22e39775027910dfc05

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-UP+tE58xgOO+QNmEtAOp4hMtFn/cmYqWYNeQE8ZNR8M=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 73ad4ae25ec29bfa-FRA
content-disposition: inline; filename="response.html"
content-encoding: br
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-UP+tE58xgOO+QNmEtAOp4hMtFn/cmYqWYNeQE8ZNR8M=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-type: text/html; charset=utf-8
date: Sun, 14 Aug 2022 22:57:58 GMT
etag: W/"a0e987468d82fcca8c058d10924b7bae"
expect-ct: enforce, max-age=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: edcf1c9d-05c0-44d8-97ab-c31d2fd1e572
x-xss-protection: 1; mode=block

GET
H2 200 main.c66d4f8f.css
hackerone.com/assets/static/css/ 647 KB
115 KB 37ms
35ms Stylesheet
text/css 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/css/main.c66d4f8f.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48ce383ce8e2a06d480bd1dfc540e497013bd16ce41cf6c8e96c5200d1c29bc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 217266
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Aug 2022 10:35:58 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae408689bfa-FRA
expires: Wed, 14 Sep 2022 22:57:58 GMT

GET
H2 200 vendor-15ee4573575dd8e19a3cc51d9b1aae0c754012e126a9a69ccde702fe2f9d7f4b.css
hackerone.com/assets/ 10 KB
1 KB 37ms
36ms Stylesheet
text/css 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/vendor-15ee4573575dd8e19a3cc51d9b1aae0c754012e126a9a69ccde702fe2f9d7f4b.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15ee4573575dd8e19a3cc51d9b1aae0c754012e126a9a69ccde702fe2f9d7f4b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 05 Jul 2022 21:46:21 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae408699bfa-FRA
expires: Wed, 14 Sep 2022 22:57:58 GMT

GET
H2 200 constants-d23b92279df473b55c1ec04f1d5bf59b2bb2c9da4656881ad81b5155792427ec.js Show response
hackerone.com/assets/ 57 KB
20 KB 37ms
36ms Script
application/javascript 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/constants-d23b92279df473b55c1ec04f1d5bf59b2bb2c9da4656881ad81b5155792427ec.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23b92279df473b55c1ec04f1d5bf59b2bb2c9da4656881ad81b5155792427ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 182790
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Aug 2022 19:26:30 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae4086a9bfa-FRA
expires: Wed, 14 Sep 2022 22:57:58 GMT

GET
H2 200 main.7078ac6d.js Show response
hackerone.com/assets/static/js/ 5 MB
1 MB 32ms
32ms Script
application/javascript 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/main.7078ac6d.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de01919a7bdc4f6920e72f5eed60ea269df8b01a80b4e7d1691e852d69bd766e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 182790
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Aug 2022 20:10:27 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae4086b9bfa-FRA
expires: Wed, 14 Sep 2022 22:57:58 GMT

GET
H2 200 application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js Show response
hackerone.com/assets/ 0
966 B 33ms
32ms Script
application/javascript 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Jul 2022 10:34:16 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae4086c9bfa-FRA
expires: Wed, 14 Sep 2022 22:57:58 GMT

POST
H2 200 /
errors.hackerone.net/api/30/security/ 0
574 B 258ms
192ms Other
text/plain 2606:4700::6811:ea35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/793532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ea35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
vary: Origin
content-length: 0
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: https://hackerone.com
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
content-security-policy: default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
cf-ray: 73ad4ae47fd99be6-FRA

GET
H2 200 gates Show response
hackerone.com/ 2 B
2 KB 212ms
211ms XHR
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/gates

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/793532
X-CSRF-Token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sun, 14 Aug 2022 22:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response.json"
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 01e2b1f5-9cd3-4993-acc1-8f428469c2a9
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"44136fa355b3678a1146ad16f7e8649e"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae5ea119bfa-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 66ms
18ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6959
date: Sun, 14 Aug 2022 21:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 14 Aug 2022 23:02:00 GMT

GET
H2 200 current_user Show response
hackerone.com/ 151 B
2 KB 208ms
207ms XHR
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/current_user

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ea7c202fd7d1281d31f13d2ecc4ca4c90d2f75463957c609c7aebb04f1305f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/793532
X-CSRF-Token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response.json"
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 29dad003-2fb6-48a0-8f0b-2ddb1f1bb41c
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"9ea7c202fd7d1281d31f13d2ecc4ca4c"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae95d819bfa-FRA

GET
H2 200 6335.1ea552c5.chunk.js Show response
hackerone.com/assets/static/js/ 548 B
1 KB 30ms
30ms Script
application/javascript 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/6335.1ea552c5.chunk.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13b1254e99cedf4e761a0b26fb9e0feca98be5f7742afb9cb599be4d027baf3f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1669198
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Jul 2022 15:14:47 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae96d959bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 1149.56700bca.chunk.js Show response
hackerone.com/assets/static/js/ 9 KB
2 KB 31ms
31ms Script
application/javascript 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/js/1149.56700bca.chunk.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a21f408a8b298675870fd3d89b22824759a5904f6c0e44712095d674a7cf3c10

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1669276
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Jul 2022 15:14:45 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae97d979bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

POST
H2 200 graphql Show response
hackerone.com/ 20 B
862 B 214ms
213ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 6ca615bb-092c-4ace-b955-88edcfe0c292
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"88ecf92326f1ff8da3d81eb38e1a8452"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae98db79bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 20 B
610 B 226ms
225ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 4b8fdbb9-4898-4673-bf66-32ec8637f48d
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"88ecf92326f1ff8da3d81eb38e1a8452"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae98db99bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 148 B
762 B 724ms
723ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15a2eae8251ba9c9f0c210ebdef1314afc4033b4ac6ae864228ef7ce473c9d6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 7cbea3c2-18de-4fe3-a0e7-52eb466b92c1
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"15a2eae8251ba9c9f0c210ebdef1314a"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae98dbc9bfa-FRA

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 21:59:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3499
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 14 Aug 2022 22:59:40 GMT

GET 793532.json
hackerone.com/reports/ 0
0

POST
H2 200 graphql Show response
hackerone.com/ 9 KB
3 KB 253ms
252ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a4677949f78f8899f00d9f3e78b1e3be2438f9dae6f31bcefae2879131104cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 998b045a-868e-4707-9f6b-9ee3be7a26e4
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"8a4677949f78f8899f00d9f3e78b1e3b"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae9bdf69bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 688 B
2 KB 762ms
762ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e07d221678f1e533fa6be6b84c04a56ea1a3e2e0683baf46626c0f4352674c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 5342bb67-e839-493b-b094-0bbc9245e2ee
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"e07d221678f1e533fa6be6b84c04a56e"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae9bdf79bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 385 B
1 KB 805ms
804ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ea4b6bc3ac92433e2f081643a1f849e19851099d8394d97b9ebd30d14fe3402

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 57eb6a39-8f3a-431e-b18e-c6860f1abc00
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"4ea4b6bc3ac92433e2f081643a1f849e"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae9bdf89bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 20 B
645 B 300ms
299ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: migWguunuUq1MHbytl1GMOxzILj46oaXrQao329xlfuiJjkkbM1N/DUKa8JFzmXwo9kmxrxPgygsS1PlFWqB9g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: e53147b3-6885-4bae-8bf5-cbdfeb730855
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"88ecf92326f1ff8da3d81eb38e1a8452"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4ae9ce049bfa-FRA

POST
H2 200 collect Show response
www.google-analytics.com/ 35 B
239 B 25ms
25ms XHR
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 14 Aug 2022 22:57:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://hackerone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chevron-left.a035abc1dda32a1b506721df22dadee4.svg Show response
hackerone.com/assets/static/media/ 161 B
955 B 32ms
32ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/chevron-left.a035abc1dda32a1b506721df22dadee4.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeabf149bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
DATA 200
OK truncated
/ 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Poppins-SemiBold.cce5625b56ec678e4202.ttf
hackerone.com/assets/static/media/ 152 KB
152 KB 36ms
35ms Font
application/octet-stream 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/Poppins-SemiBold.cce5625b56ec678e4202.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
content-length: 155192
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:56 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/octet-stream
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4aeacf249bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 Poppins-Regular.8081832fc5cfbf634aa6.ttf
hackerone.com/assets/static/media/ 154 KB
155 KB 29ms
28ms Font
application/octet-stream 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/Poppins-Regular.8081832fc5cfbf634aa6.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
content-length: 158192
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/octet-stream
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4aeacf259bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf
hackerone.com/assets/static/media/ 170 KB
170 KB 33ms
33ms Font
application/octet-stream 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
content-length: 174008
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/octet-stream
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4aeacf279bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg
hackerone.com/assets/static/media/ 6 KB
3 KB 33ms
32ms Image
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/static/media/logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeaff5a9bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 793532.json Show response
hackerone.com/reports/ 10 KB
5 KB 344ms
344ms XHR
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/793532.json

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b4570df7c3fba097937fc9535930d2f34f9245d79a9c369d48047035e2154a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/793532
X-CSRF-Token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: f5128d45-5c31-49ed-989a-30f12fe5698b
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"9b4570df7c3fba097937fc9535930d2f"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeb8fdb9bfa-FRA

GET
H2 200 sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg Show response
hackerone.com/assets/static/media/ 304 B
1 KB 28ms
27ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:56 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeb8fe59bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

PATCH
H2 401 notifications Show response
hackerone.com/ 49 B
1 KB 207ms
207ms XHR
*/* 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/notifications

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://hackerone.com/reports/793532
X-CSRF-Token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 6db4e5a2-27e0-4d2e-865b-a4eed29156d8
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: */*; charset=utf-8
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedb9c59bfa-FRA

GET
H2 200 participants Show response
hackerone.com/reports/793532/ 2 KB
3 KB 287ms
287ms XHR
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/793532/participants

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d00792d8c8ac523a0582703689d39bd422ea40f31e5c8a7ca031eb6e6a0fa7d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/793532
X-CSRF-Token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response.json"
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: c5152b04-a91c-4c1d-b63f-96fbc70f4623
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"d00792d8c8ac523a0582703689d39bd4"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedb9c99bfa-FRA

GET
H2 200 baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg Show response
hackerone.com/assets/static/media/ 451 B
1 KB 38ms
38ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedda009bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

POST graphql
hackerone.com/ 0
0

POST
H2 200 graphql Show response
hackerone.com/ 310 B
819 B 351ms
351ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

905e81883cd202cbad6838a8227aab7562b3f3fd5666bbfc0c4810f90101af16

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 5ec210f6-dd5e-4ebf-9fb4-94c734f27106
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"905e81883cd202cbad6838a8227aab75"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedea089bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 739 B
2 KB 336ms
336ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94286e60cab2bdf6057f75d737c16b5fa4479c081365107c137293ee86027f7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 3a2e0750-5c22-4d3f-a152-104c7c0124d2
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"94286e60cab2bdf6057f75d737c16b5f"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedea099bfa-FRA

GET
H2 200 effra-regular.58638933bea19af32939.woff
hackerone.com/assets/static/media/ 26 KB
26 KB 29ms
28ms Font
application/font-woff 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/effra-regular.58638933bea19af32939.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213076
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:56 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/font-woff
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedfa0e9bfa-FRA
expires: Wed, 14 Sep 2022 22:57:59 GMT

GET
H2 200 hackerone.28988fd0c3628ca2df69.ttf
hackerone.com/assets/static/media/ 10 KB
10 KB 32ms
31ms Font
application/octet-stream 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/hackerone.28988fd0c3628ca2df69.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213077
vary: Accept-Encoding
content-length: 10596
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:56 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/octet-stream
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4aedfa109bfa-FRA
expires: Wed, 14 Sep 2022 22:58:00 GMT

GET
H2 200 effra-medium.21ad2cc3831b535ed009.woff
hackerone.com/assets/static/media/ 24 KB
24 KB 30ms
30ms Font
application/font-woff 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/effra-medium.21ad2cc3831b535ed009.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.c66d4f8f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/css/main.c66d4f8f.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213075
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/font-woff
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aedfa129bfa-FRA
expires: Wed, 14 Sep 2022 22:58:00 GMT

GET
H2 200 edit.0d86487cdb411dca795307bacf71c61d.svg Show response
hackerone.com/assets/static/media/ 276 B
266 B 35ms
35ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/edit.0d86487cdb411dca795307bacf71c61d.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213077
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeefb309bfa-FRA
expires: Wed, 14 Sep 2022 22:58:00 GMT

GET
H2 200 plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg Show response
hackerone.com/assets/static/media/ 251 B
1002 B 28ms
28ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213077
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:57 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aeefb329bfa-FRA
expires: Wed, 14 Sep 2022 22:58:00 GMT

POST
H2 200 graphql Show response
hackerone.com/ 9 KB
2 KB 344ms
344ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bc42013e0cdb0469453550c5c1f5355e060c760830d6bc9f86e0e1b90177de0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: d666dc9e-e69e-444b-8543-c9be37588ab0
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"7bc42013e0cdb0469453550c5c1f5355"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aef1b549bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 3 KB
2 KB 713ms
713ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e0e22f9a43cd8782d59dbfca37fe5fe0e731d8ddba230f8c2e79be2f30ae51e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 705ce7d3-f4e5-47c5-a6be-9a0244e99b22
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"5e0e22f9a43cd8782d59dbfca37fe5fe"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aef2b5a9bfa-FRA

GET
H2 200 default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/ 5 KB
5 KB 36ms
35ms Image
image/png 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213601
cf-polished: status=not_needed
vary: Accept-Encoding
content-length: 4711
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Jul 2022 00:52:36 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/png
expires: Wed, 14 Sep 2022 22:58:00 GMT
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4aef9be89bfa-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 cfb5ce879980903632ec207d964e3dec5a51b239937fc4ae085dd0486900150e
profile-photos.hackerone-user-content.com/variants/5DBbeB7om4ZiKgskrEoeTyGH/ 15 KB
15 KB 132ms
35ms Image
image/png 2600:9000:2057:1c00:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/5DBbeB7om4ZiKgskrEoeTyGH/cfb5ce879980903632ec207d964e3dec5a51b239937fc4ae085dd0486900150e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44b00b7720ad5430bef12c902738300703ba4bd9670a36230cd7406d219dba68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: GSspR4lW0MSZb.zpxlZTOHsBeRjGet5L
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
etag: "492d92a43feda5d3d72d82afac4c8bff"
age: 511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 15086
last-modified: Mon, 14 Feb 2022 10:55:32 GMT
server: AmazonS3
date: Sun, 14 Aug 2022 22:49:30 GMT
vary: Accept-Encoding
content-type: image/png
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: VQKadAXS94sCBaKP-KWPWJBp7yjXXT8l4IOTqiLhl92ezhGvRvV2eg==

GET
H2 200 09a7bad8220ce67519b06131f3ddde29b10260323d6b0807903677b262febb88
profile-photos.hackerone-user-content.com/variants/000/085/490/36610443c8b0c3299ac448e346f39fad337e790b_original.jpg/ 1 KB
2 KB 132ms
36ms Image
image/jpeg 2600:9000:2057:1c00:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/000/085/490/36610443c8b0c3299ac448e346f39fad337e790b_original.jpg/09a7bad8220ce67519b06131f3ddde29b10260323d6b0807903677b262febb88
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54f9ad37b10cc252c879b9d7195945c2ccbf1d6a239356d3546b9d990a31aaa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: MxpzacajUtrbL7BdMF_xvvt6.PsoRAxV
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
etag: "86549fa1ddbadcd86ef320f420487a12"
age: 5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 1465
last-modified: Mon, 14 Feb 2022 10:59:30 GMT
server: AmazonS3
date: Sun, 14 Aug 2022 22:57:56 GMT
vary: Accept-Encoding
content-type: image/jpeg
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: EUywGvo6oKFr9uzU77EFMgwBQLxiftX5OmD3jfFA9_GK3gRk8jUUjg==

POST
H2 200 events Show response
hackerone.com/ 32 B
2 KB 214ms
213ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://hackerone.com/reports/793532
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 6a5f3d3a-9856-4038-acb4-1b9cbfc314e5
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"815b69b828e2756ab81ee652d5a71793"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4aef9be99bfa-FRA

GET
H2 200 default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/ 5 KB
6 KB 32ms
31ms Image
image/png 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213601
cf-polished: status=not_needed
vary: Accept-Encoding
content-length: 4711
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Jul 2022 00:52:36 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/png
expires: Wed, 14 Sep 2022 22:58:00 GMT
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4af03caa9bfa-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 more_vert-24px.5836aa97c64814de21ea46543b347aa4.svg Show response
hackerone.com/assets/static/media/ 283 B
330 B 32ms
31ms XHR
image/svg+xml 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/media/more_vert-24px.5836aa97c64814de21ea46543b347aa4.svg

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f59e208f5babcf58c07505356ca1f109a9e1972e839b991dff19f709a28eeba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213073
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 29 Jul 2022 14:10:56 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/svg+xml
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4af06cd39bfa-FRA
expires: Wed, 14 Sep 2022 22:58:00 GMT

POST
H2 200 graphql Show response
hackerone.com/ 325 B
2 KB 280ms
280ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

613ad81ea44926584f41595c31b043020ae714ad14127f529f40147aa2f8c3b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 93561c72-3138-4369-bad3-5c1e4869d1cb
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"613ad81ea44926584f41595c31b04302"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4af06cd89bfa-FRA

POST
H2 200 graphql Show response
hackerone.com/ 30 KB
5 KB 996ms
996ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e997be7db7da8d78bc6f00a509be610f7774874c5dcc01f39e9ec30c8a4bd859

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://hackerone.com/reports/793532
x-csrf-token: aXR2H1qbDaCMyaYhzCruI07T++eQ0n4eBeNTYSmIoFpRelm53fH5FgzzuxE/uc3jAXn9mdR3e6GErqhbU5O0Vw==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: b2bfd7c7-f777-4817-b5c2-b0a985a8c851
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"e997be7db7da8d78bc6f00a509be610f"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4af07cdc9bfa-FRA

GET
H2 200 default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/ 5 KB
5 KB 30ms
30ms Image
image/png 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/793532
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 22:58:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1213601
cf-polished: status=not_needed
vary: Accept-Encoding
content-length: 4711
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Jul 2022 00:52:36 GMT
server: cloudflare
x-frame-options: DENY
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: image/png
expires: Wed, 14 Sep 2022 22:58:00 GMT
cache-control: public, max-age=2678400
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com errors.hackerone.net api.amplitude.com *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com cdn.amplitude.com; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
accept-ranges: bytes
cf-ray: 73ad4af3bff99bfa-FRA
cf-bgj: imgq:100,h2pri

POST
H2 200 events Show response
hackerone.com/ 32 B
871 B 232ms
231ms Fetch
application/json 2606:4700::6810:6434
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.7078ac6d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6434 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://hackerone.com/reports/793532
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 14 Aug 2022 22:58:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-disposition: inline; filename="response."
vary: Accept
x-xss-protection: 1; mode=block
x-request-id: 69e25f76-1cce-44d3-85f4-7ec76983261d
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
etag: W/"4751646586d363200e083435198e1aab"
expect-ct: enforce, max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-ray: 73ad4af75bab9bfa-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hackerone.com
URL: https://hackerone.com/reports/793532.json

Domain: hackerone.com
URL: https://hackerone.com/graphql

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hackerone.com/	1970-01-20 14:00:53	Name: h1_device_id Value: b0a8c4db-d753-431f-adcf-97f42d02acbe
hackerone.com/	1970-01-20 05:15:18	Name: _dd_s Value: rum=0&expire=1660518779164
.hackerone.com/	1970-01-20 14:51:17	Name: _ga Value: GA1.2.1505132559.1660517879
.hackerone.com/	1970-01-20 05:16:44	Name: _gid Value: GA1.2.1712941903.1660517879
.hackerone.com/	1970-01-20 14:00:53	Name: AMP_MKTG_b7cba2c14c Value: JTdCJTdE
.hackerone.com/	1970-01-20 14:00:53	Name: AMP_b7cba2c14c Value: JTdCJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJkZXZpY2VJZCUyMiUzQSUyMjljY2MzNmZiLWMwOTktNDhmNy04NTk2LWFmYjlkNWMzNGMzNyUyMiUyQyUyMmxhc3RFdmVudFRpbWUlMjIlM0ExNjYwNTE3ODgwNDg0JTJDJTIyc2Vzc2lvbklkJTIyJTNBMTY2MDUxNzg3OTE3NyUyQyUyMnVzZXJJZCUyMiUzQW51bGwlN0Q=
hackerone.com/	1970-01-20 05:35:27	Name: __Host-session Value: TEo4OFdIRVV6NmJBbklRQ0hmamg5cGF3ek1BblRBNE03VmRyR0R1TGs0SGl0cXVubkNsa0sxM3RrVmtLWGdRditRTDZyRXNYb2h5SThzK1hOTDRFaytuYTJXWjIxZmdXU3FuM1ZJdS9VREdCMnV3cktlalI1Q0JGVVd3bWFyZGZXelJYa054U011dVdsMFQvK3Z0NG5LaGxudUp2cEJDRUdxVVFZcVFMazNYdFgxK2RXKzJEUFJTVUt1Mi8zU0x0S3d4RTRDSVZSazA4N3h6MXg0bWIrZTE2cVBTNThvZ2ViaFBibUgzVzJNR2orazBMc1p1NGhsZTFBOHE1cG51UDZvYkRUVzVjTVVuSHZMM0JSQjdWeGZ5bTZRbHpuRzYxMVNLbm5YaG1zaGxvbTNxajU4c2xMSkV6OVc5RHd5azdyVnB5cU9JSFYyL3FvREpXdFZramxRPT0tLVlIOWpUb0w5ZEkwVFNaZ0YyQUZYM2c9PQ%3D%3D--2ce4f90d4c1c3d22962e37ff5a35a84152de1887

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hackerone.com/notifications Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' www.google-analytics.com errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' www.google-analytics.com js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-UP+tE58xgOO+QNmEtAOp4hMtFn/cmYqWYNeQE8ZNR8M=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

errors.hackerone.net
hackerone.com
profile-photos.hackerone-user-content.com
www.google-analytics.com
hackerone.com
2600:9000:2057:1c00:4:4c7d:87c0:93a1
2606:4700::6810:6434
2606:4700::6811:ea35
2a00:1450:4001:800::200e
13b1254e99cedf4e761a0b26fb9e0feca98be5f7742afb9cb599be4d027baf3f
15a2eae8251ba9c9f0c210ebdef1314afc4033b4ac6ae864228ef7ce473c9d6c
15ee4573575dd8e19a3cc51d9b1aae0c754012e126a9a69ccde702fe2f9d7f4b
1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
44b00b7720ad5430bef12c902738300703ba4bd9670a36230cd7406d219dba68
4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d
48ce383ce8e2a06d480bd1dfc540e497013bd16ce41cf6c8e96c5200d1c29bc4
4ea4b6bc3ac92433e2f081643a1f849e19851099d8394d97b9ebd30d14fe3402
4f59e208f5babcf58c07505356ca1f109a9e1972e839b991dff19f709a28eeba
54f9ad37b10cc252c879b9d7195945c2ccbf1d6a239356d3546b9d990a31aaa5
5e0e22f9a43cd8782d59dbfca37fe5fe0e731d8ddba230f8c2e79be2f30ae51e
613ad81ea44926584f41595c31b043020ae714ad14127f529f40147aa2f8c3b4
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
7bc42013e0cdb0469453550c5c1f5355e060c760830d6bc9f86e0e1b90177de0
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af
8a4677949f78f8899f00d9f3e78b1e3be2438f9dae6f31bcefae2879131104cb
905e81883cd202cbad6838a8227aab7562b3f3fd5666bbfc0c4810f90101af16
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
94286e60cab2bdf6057f75d737c16b5fa4479c081365107c137293ee86027f7a
9b4570df7c3fba097937fc9535930d2f34f9245d79a9c369d48047035e2154a2
9ea7c202fd7d1281d31f13d2ecc4ca4c90d2f75463957c609c7aebb04f1305f9
a0e987468d82fcca8c058d10924b7baebdf23a7693c4d22e39775027910dfc05
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a21f408a8b298675870fd3d89b22824759a5904f6c0e44712095d674a7cf3c10
a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
d00792d8c8ac523a0582703689d39bd422ea40f31e5c8a7ca031eb6e6a0fa7d1
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
d23b92279df473b55c1ec04f1d5bf59b2bb2c9da4656881ad81b5155792427ec
de01919a7bdc4f6920e72f5eed60ea269df8b01a80b4e7d1691e852d69bd766e
e07d221678f1e533fa6be6b84c04a56ea1a3e2e0683baf46626c0f4352674c1e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e997be7db7da8d78bc6f00a509be610f7774874c5dcc01f39e9ec30c8a4bd859

hackerone.com Open in urlscan Pro 2606:4700::6810:6434 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

52 Requests

96 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

2123 kBTransfer

6094 kBSize

7 Cookies

43 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

hackerone.com Open in urlscan Pro
2606:4700::6810:6434 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

96 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

2123 kB
Transfer

6094 kB
Size

7
Cookies

52 HTTP transactions
1 data transactions