urlscan.io logo urlscan.io
SecurityTrails logo

account.brighthr.com Open in urlscan Pro
2606:4700:20::ac43:48b5  Public Scan

Go To Rescan Add Verdict Report
URL: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Submission: On May 14 via manual from PH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 7 domains to perform 20 HTTP transactions. The main IP is 2606:4700:20::ac43:48b5, located in United States and belongs to CLOUDFLARENET, US. The main domain is account.brighthr.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 14th 2024. Valid for: a year.
This is the only time account.brighthr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

5    2606:4700:20::ac43:48b5 (United States)

ASN13335 (CLOUDFLARENET, US)
account.brighthr.com
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
api.brighthr.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    142.250.74.206 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f14.1e100.net
www.google-analytics.com
1    148.113.163.172 (Canada)

ASN16276 (OVH, FR)
PTR: prd-usage-5.tjsint.net
usage.trackjs.com
2    2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)
cloudflareinsights.com
1    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
7 brighthr.com
account.brighthr.com
api.brighthr.com — Cisco Umbrella Rank: 148446
413 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
region1.google-analytics.com — Cisco Umbrella Rank: 2533
21 KB
3 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 804
cloudflareinsights.com — Cisco Umbrella Rank: 791
7 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
173 KB
1 gstatic.com
fonts.gstatic.com
32 KB
1 trackjs.com
usage.trackjs.com — Cisco Umbrella Rank: 3072
229 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
811 B
20 7
Domain Requested by
5 account.brighthr.com account.brighthr.com
4 www.google-analytics.com account.brighthr.com
www.googletagmanager.com
2 cloudflareinsights.com account.brighthr.com
2 api.brighthr.com account.brighthr.com
2 www.googletagmanager.com account.brighthr.com
www.googletagmanager.com
1 fonts.gstatic.com fonts.googleapis.com
1 usage.trackjs.com
1 region1.google-analytics.com www.googletagmanager.com
1 fonts.googleapis.com account.brighthr.com
1 static.cloudflareinsights.com account.brighthr.com
20 10

This site contains no links.

Subject Issuer Validity Valid
account.brighthr.com
Cloudflare Inc ECC CA-3		 2024-02-14 -
2024-12-31		 a year crt.sh
cloudflareinsights.com
GTS CA 1P5		 2024-05-08 -
2024-08-06		 3 months crt.sh
upload.video.google.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.google-analytics.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
api.brighthr.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-06 -
2024-12-06		 a year crt.sh
*.trackjs.com
RapidSSL TLS RSA CA G1		 2023-07-31 -
2024-08-11		 a year crt.sh
*.gstatic.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Frame ID: A5253C2E48C464D39F881B23EEC3B0A3
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bright account

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

20
Requests

100 %
HTTPS

82 %
IPv6

7
Domains

10
Subdomains

11
IPs

3
Countries

647 kB
Transfer

1979 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/ 		965 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efe49a53b7ab93731b6c889715acd58cf558975b67c731ca783ec5d776575136
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
883e35b1f9c64d44-FRA
content-encoding
br
content-security-policy
default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
content-type
text/html; charset=utf-8
date
Tue, 14 May 2024 22:08:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjUl%2BId1cdQER%2F4kO1RPAT0Op5g9Qut9ZBd%2F4weMLu048ErLNbGoVlc9qVtnHFB858lJG9KvqlKfkj4XE9n1YJ17GIJxpgkp6UMnr2DhBDDa%2FRKtnHficHV4Ul6c0VBRkt1CfrxZ1PMvOMN1Ot5gCs41fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
main.fc4e4359.js
account.brighthr.com/static/js/ 		1 MB
389 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.brighthr.com/static/js/main.fc4e4359.js
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6240ca6385fdbc12b9dcf06d8127f968431f219d72badad3ef758bfb4bc7d38
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:56 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"b1f6045df3bcf40df0e709d761bd1858"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bo2oQ9uSSgbNaCpffuzj3EmWswpIyhpb2BcFcGm8ivtCSbKZBl4agtgWyK68VObPJ%2BGl9sKsLZU1vqMYsCuKPST8chEDsV6wMrMIkUc%2FLaAA10cQ4x8oz5Yh05ogVITZ6PYbGGCGRptaIESCbxKMN%2F3kCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
vary
Accept-Encoding
cf-ray
883e35b28a6c4d44-FRA
main.d563473f.css
account.brighthr.com/static/css/ 		42 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.brighthr.com/static/css/main.d563473f.css
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e64961ad210ff9a70f3b23d3add0ae44496c99e5bd3d03defee40b0e2432d509
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:56 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"97d0e07c5bccb203fc7feba90f3e0a36"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bl0lBLbpBjXG%2Bxt6MIvpALAQb66zmxH2AvQo8Ppu34s7XojKTzkk5E%2BoObcshl8Y4%2BPNDf2WOQeBCKMz%2B20xlCulthdsKUhislv0a%2B9atOLCw%2B7MVKvZG0nTKIpnYqbw8scE3XUKQlojmCf2vTE9PLBWvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
vary
Accept-Encoding
cf-ray
883e35b28a6a4d44-FRA
t.js
account.brighthr.com/ 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.brighthr.com/t.js
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e24447b6e22e330e82e67867a5e98863f7a8222d96b31342c2dde873cb95c61e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:56 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"47254142a3a62fb3f2ffb239a8200da1"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cp0suqM1TWQhDYNYO1GyTIhubyNvuvVBmFGpLg%2FBaBRP1Xj2axLEA0fX2dx3GZ8ZR8RwkGrA6ZdYg3YenWImDpE%2F36paab3sAgRuZhn4G3oznyxN%2F7U9p3bhE%2Fh4S0rqUEo1EMP6Gxnf%2FPjjRmBJ6hbgkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
vary
Accept-Encoding
cf-ray
883e35b28a6b4d44-FRA
beacon.min.js
static.cloudflareinsights.com/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9eb189676a78d42d7a8487eef683702ada6c5c866399eefbc0df319d5f7c6d7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:56 GMT
content-encoding
gzip
last-modified
Mon, 06 May 2024 19:01:13 GMT
server
cloudflare
etag
W/"2024.5.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
883e35b399261957-FRA
css2
fonts.googleapis.com/ 		812 B
811 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Albert+Sans:wght@300..900&display=swap
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/static/css/main.d563473f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
709e24ee85e2fa65201db5de2c0ca12a6945e3657fcacd714d59e8baff7b545a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 14 May 2024 22:08:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 14 May 2024 22:08:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 14 May 2024 22:08:56 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/static/js/main.fc4e4359.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 14 May 2024 21:41:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1674
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 14 May 2024 23:41:03 GMT
js
www.googletagmanager.com/gtag/ 		307 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0NPJV2YJ85
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/static/js/main.fc4e4359.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
98ea8be34bca9170518aeb4aadf659753aceb1c7442c2c10673df0b203047aa0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
105076
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 14 May 2024 22:08:57 GMT
c2d72dd5-5810-4c18-9d81-7ce7092a1162
api.brighthr.com/v1/account/invite/ 		99 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.brighthr.com/v1/account/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/t.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60a35d22f1e126160141fb8091bfe612d69b4785a9e7afad0d105b3067ffe615
Security Headers
Name Value
Content-Security-Policy base-uri 'self';connect-src https://dc.services.visualstudio.com 'self';default-src 'self';font-src data: https://fonts.gstatic.com 'self';frame-ancestors 'none';frame-src 'self';img-src data: https: 'self';manifest-src 'self';object-src 'none';report-uri https://brighthr.report-uri.com/r/d/csp/enforce;sandbox allow-forms allow-same-origin allow-scripts;script-src https://js.monitor.azure.com 'self';style-src 'self';upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

BrightSession
8d5742da-9c7b-4604-ad98-26d7e9d86c93
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://account.brighthr.com/
BrightClient
WebApp
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
base-uri 'self';connect-src https://dc.services.visualstudio.com 'self';default-src 'self';font-src data: https://fonts.gstatic.com 'self';frame-ancestors 'none';frame-src 'self';img-src data: https: 'self';manifest-src 'self';object-src 'none';report-uri https://brighthr.report-uri.com/r/d/csp/enforce;sandbox allow-forms allow-same-origin allow-scripts;script-src https://js.monitor.azure.com 'self';style-src 'self';upgrade-insecure-requests;
x-cache
CONFIG_NOCACHE
x-azure-apim
region=UK South;product=internal;api=Account-1;operation=GET-Wildcard-1
x-xss-protection
1; mode=block
request-context
appId=cid-v1:7116dbbd-c1eb-45eb-a93a-4592fbc1853d
referrer-policy
no-referrer
vary
Origin,Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://brighthr.report-uri.com/a/d/g"}],"include_subdomains":true}
access-control-expose-headers
Content-Encoding,Transfer-Encoding,Vary,Strict-Transport-Security,Request-Context,X-Content-Type-Options,Referrer-Policy,X-Frame-Options,X-XSS-Protection,Content-Security-Policy,Report-To,Date,Server,X-Azure-APIM
x-azure-ref
20240514T220857Z-1675f555588f447719xkneu8fc000000011g000000017rtc
c2d72dd5-5810-4c18-9d81-7ce7092a1162
api.brighthr.com/v1/account/invite/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.brighthr.com/v1/account/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
brightclient,brightsession
Access-Control-Request-Method
GET
Origin
https://account.brighthr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
brightclient,brightsession
access-control-allow-methods
GET
access-control-allow-origin
*
content-length
0
date
Tue, 14 May 2024 22:08:57 GMT
request-context
appId=cid-v1:7116dbbd-c1eb-45eb-a93a-4592fbc1853d
x-azure-ref
20240514T220857Z-1675f555588f447719xkneu8fc000000011g000000017rsu
x-cache
CONFIG_NOCACHE
collect
www.google-analytics.com/j/ 		3 B
211 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1262657268&t=pageview&_s=1&dl=https%3A%2F%2Faccount.brighthr.com%2Finvite%2Fc2d72dd5-5810-4c18-9d81-7ce7092a1162%2F&dp=%2Finvite%2Fc2d72dd5-5810-4c18-9d81-7ce7092a1162%2F&ul=de-de&de=UTF-8&dt=Bright%20account&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1086662873&gjid=773532491&cid=1486560508.1715724537&tid=UA-67739736-13&_gid=1771756749.1715724537&_r=1&_slc=1&z=782339314
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/t.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 14 May 2024 22:08:57 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://account.brighthr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		191 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-67739736-13&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0NPJV2YJ85
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
aa108a9646548b809b888cd89bb33ecf9ea04a1e64f79320e9681d2007cc5d2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71034
x-xss-protection
0
last-modified
Tue, 14 May 2024 21:16:12 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 14 May 2024 22:08:57 GMT
collect
region1.google-analytics.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-0NPJV2YJ85&gtm=45je45d0v880011957za200&_p=1715724536936&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1486560508.1715724537&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=1&sid=1715724537&sct=1&seg=0&dl=https%3A%2F%2Faccount.brighthr.com%2Finvite%2Fc2d72dd5-5810-4c18-9d81-7ce7092a1162%2F&dt=Bright%20account&en=scroll&_fv=1&_ss=1&epn.percent_scrolled=90&tfd=529
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0NPJV2YJ85
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 14 May 2024 22:08:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://account.brighthr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1262657268&t=pageview&_s=1&dl=https%3A%2F%2Faccount.brighthr.com%2Finvite%2Fc2d72dd5-5810-4c18-9d81-7ce7092a1162%2F&ul=de-de&de=UTF-8&dt=Bright%20account&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACAAI~&jid=256643799&gjid=218557357&cid=1486560508.1715724537&tid=UA-67739736-13&_gid=1771756749.1715724537&_r=1&gtm=457e45d0z8880011957za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&npa=1&z=820530560
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/t.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.206 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 14 May 2024 22:08:57 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://account.brighthr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		52 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-67739736-13&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 21:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1674
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 14 May 2024 23:41:03 GMT
usage.gif
usage.trackjs.com/ 		43 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usage.trackjs.com/usage.gif?token=e8af43bf2c1f4b0f97d57f4712dc464c&correlationId=681ea1ce-1025-4c77-b327-cb3280052845&application=account-prod&x=2d5f9f64-e211-4e2c-bea8-4a50de0b8d53&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.113.163.172 , Canada, ASN16276 (OVH, FR),
Reverse DNS
prd-usage-5.tjsint.net
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 22:08:57 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
rum
cloudflareinsights.com/cdn-cgi/ 		0
37 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Requested by
Host: account.brighthr.com
URL: https://account.brighthr.com/t.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://account.brighthr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 14 May 2024 22:08:57 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://account.brighthr.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
883e35b5998f8ebb-FRA
rum
cloudflareinsights.com/cdn-cgi/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://account.brighthr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://account.brighthr.com
access-control-max-age
86400
cf-ray
883e35b589878ebb-FRA
content-encoding
gzip
content-type
text/plain
date
Tue, 14 May 2024 22:08:57 GMT
server
cloudflare
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
favicon.ico
account.brighthr.com/ 		15 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.brighthr.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d3e2807157b3af9bda27b1b6500060f272527914ed72729c8d4b7f8d0774ac4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://account.brighthr.com/invite/c2d72dd5-5810-4c18-9d81-7ce7092a1162/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:08:57 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"dd64bd8db06e068da310aed9500f0318"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LA8Z1PJEGp2A2CxM8jzsxsdtnNTs6beLsQDN9MjxubmCRP84Jw5mBg2oL6QiL8dduqjCPuNbJUcwTWP1ckPa6XQmlm4NqYQEW8Rsa8IWleQ8kmHy34%2FpbxfE75OEJRlhlyy183dn6p3wfHvo5jdL3JtKCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
vary
Accept-Encoding
cf-ray
883e35b55d4b4d44-FRA
i7dOIFdwYjGaAMFtZd_QA1ZbYFc.woff2
fonts.gstatic.com/s/albertsans/v1/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/albertsans/v1/i7dOIFdwYjGaAMFtZd_QA1ZbYFc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Albert+Sans:wght@300..900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b7372b629e997f9980d46c4dea3a384f8d1c9f2fcb21ad395711d14f80fda8c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://account.brighthr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:40:30 GMT
x-content-type-options
nosniff
age
26907
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32208
x-xss-protection
0
last-modified
Wed, 06 Jul 2022 18:26:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 14:40:30 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trackJs object| TrackJS object| webpackChunkbrightaccount_webapp string| GoogleAnalyticsObject function| ga object| dataLayer function| gtag object| __cfBeacon object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| onYouTubeIframeAPIReady

5 Cookies

Domain/Path Name / Value
.brighthr.com/ Name: _gid
Value: GA1.2.1771756749.1715724537
.brighthr.com/ Name: _gat
Value: 1
.brighthr.com/ Name: _ga_0NPJV2YJ85
Value: GS1.1.1715724537.1.0.1715724537.0.0.0
.brighthr.com/ Name: _ga
Value: GA1.2.1486560508.1715724537
.brighthr.com/ Name: _gat_gtag_UA_67739736_13
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.brighthr.com cloudflareinsights.com capture.trackjs.com *.google-analytics.com localhost:44301; font-src 'self' data: fonts.gstatic.com; frame-src challenges.cloudflare.com www.google.com; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.trackjs.com challenges.cloudflare.com static.cloudflareinsights.com *.google-analytics.com connect.facebook.net *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri https://brighthr.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.brighthr.com
api.brighthr.com
cloudflareinsights.com
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
static.cloudflareinsights.com
usage.trackjs.com
www.google-analytics.com
www.googletagmanager.com
142.250.74.206
148.113.163.172
2001:4860:4802:32::36
2001:4860:4802:36::178
2606:4700:20::ac43:48b5
2606:4700::6810:4f49
2606:4700::6810:5049
2620:1ec:46::45
2a00:1450:4001:803::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:82f::2008
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d3e2807157b3af9bda27b1b6500060f272527914ed72729c8d4b7f8d0774ac4
60a35d22f1e126160141fb8091bfe612d69b4785a9e7afad0d105b3067ffe615
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
709e24ee85e2fa65201db5de2c0ca12a6945e3657fcacd714d59e8baff7b545a
98ea8be34bca9170518aeb4aadf659753aceb1c7442c2c10673df0b203047aa0
aa108a9646548b809b888cd89bb33ecf9ea04a1e64f79320e9681d2007cc5d2e
b7372b629e997f9980d46c4dea3a384f8d1c9f2fcb21ad395711d14f80fda8c4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e24447b6e22e330e82e67867a5e98863f7a8222d96b31342c2dde873cb95c61e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6240ca6385fdbc12b9dcf06d8127f968431f219d72badad3ef758bfb4bc7d38
e64961ad210ff9a70f3b23d3add0ae44496c99e5bd3d03defee40b0e2432d509
efe49a53b7ab93731b6c889715acd58cf558975b67c731ca783ec5d776575136
f9eb189676a78d42d7a8487eef683702ada6c5c866399eefbc0df319d5f7c6d7