Submitted URL: https://facteursdesucces.ch/
Effective URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr
Submission: On October 18 via api from CH — Scanned from CH

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 5.149.2.181, located in Dachsen, Switzerland and belongs to NETCETERA-AG-AS, CH. The main domain is pd.promotiondigitale.ch.
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 9th 2024. Valid for: a year.
This is the only time pd.promotiondigitale.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2a00:f740:100... 28875 (INNO)
10 5.149.2.181 34960 (NETCETERA...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.163 15169 (GOOGLE)
15 5
Domain Requested by
7 pd.promotiondigitale.ch pd.promotiondigitale.ch
3 fonts.gstatic.com fonts.googleapis.com
3 pd-backend.promotiondigitale.ch pd.promotiondigitale.ch
1 www.youtube.com pd.promotiondigitale.ch
1 fonts.googleapis.com pd.promotiondigitale.ch
1 www.facteursdesucces.ch 1 redirects
1 facteursdesucces.ch 1 redirects
15 7

This site contains links to these domains. Also see Links.

Domain
www.gdk-cds.ch
www.bag.admin.ch
www.edi.admin.ch
promotionsante.ch
Subject Issuer Validity Valid
*.promotiondigitale.ch
Thawte TLS RSA CA G1
2024-01-09 -
2025-01-08
a year crt.sh
upload.video.google.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
*.google.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
*.gstatic.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh

This page contains 2 frames:

Primary Page: https://pd.promotiondigitale.ch/pub/sft?lang=fr
Frame ID: 2549AC6C73D1604D0D55D0EDB6920F94
Requests: 15 HTTP requests in this frame

Frame: https://www.youtube.com/embed/TxMPN9DptXg?rel=0
Frame ID: 7CD2A5299EF449536753F8E8937281FF
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Promotion Digitale

Page URL History Show full URLs

  1. https://facteursdesucces.ch/ HTTP 301
    https://www.facteursdesucces.ch/ HTTP 301
    https://pd.promotiondigitale.ch/pub/sft?lang=fr Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

15
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

7
Subdomains

5
IPs

3
Countries

5863 kB
Transfer

5887 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://facteursdesucces.ch/ HTTP 301
    https://www.facteursdesucces.ch/ HTTP 301
    https://pd.promotiondigitale.ch/pub/sft?lang=fr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sft
pd.promotiondigitale.ch/pub/
Redirect Chain
  • https://facteursdesucces.ch/
  • https://www.facteursdesucces.ch/
  • https://pd.promotiondigitale.ch/pub/sft?lang=fr
2 KB
3 KB
Document
General
Full URL
https://pd.promotiondigitale.ch/pub/sft?lang=fr
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
7b69fb267b37222b2f4923e31807bdb1ae42b20d4d9a4b8c3b3b33da36dc1479
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.google.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
2515
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
content-type
text/html
date
Fri, 18 Oct 2024 10:23:10 GMT
etag
"66e18da0-9d3"
last-modified
Wed, 11 Sep 2024 12:31:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

Connection
Keep-Alive
Content-Length
255
Content-Type
text/html; charset=iso-8859-1
Date
Fri, 18 Oct 2024 10:23:09 GMT
Keep-Alive
timeout=5, max=100
Location
https://pd.promotiondigitale.ch/pub/sft?lang=fr
Server
Apache/2.4.57 (Rocky Linux) OpenSSL/3.0.7
Strict-Transport-Security
max-age=31536000
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8e878b38c0c357b63eb23d45c6182fd4f1ac0e92a5601a7e27f04edcfad5b4af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 18 Oct 2024 10:23:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 18 Oct 2024 10:23:10 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Fri, 18 Oct 2024 09:14:04 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
index-ef89390b.js
pd.promotiondigitale.ch/assets/
3 MB
3 MB
Script
General
Full URL
https://pd.promotiondigitale.ch/assets/index-ef89390b.js
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
66771477979b7513f72634e81e2aa1fe10b4f6514d2b6b3d50cd9c73a36764c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pd.promotiondigitale.ch
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e18da0-2c9827"
accept-ranges
bytes
content-length
2922535
date
Fri, 18 Oct 2024 10:23:10 GMT
content-type
application/javascript
last-modified
Wed, 11 Sep 2024 12:31:28 GMT
index-f533d7da.css
pd.promotiondigitale.ch/assets/
33 KB
33 KB
Stylesheet
General
Full URL
https://pd.promotiondigitale.ch/assets/index-f533d7da.css
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
f533d7dae97f1848ce5821f980c48ea3d6dfb1d7aee514a68c04ddd39821e2ba
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e18da0-82ca"
accept-ranges
bytes
content-length
33482
date
Fri, 18 Oct 2024 10:23:10 GMT
content-type
text/css
last-modified
Wed, 11 Sep 2024 12:31:28 GMT
environment.json
pd.promotiondigitale.ch/environment/
233 B
948 B
Fetch
General
Full URL
https://pd.promotiondigitale.ch/environment/environment.json
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/assets/index-ef89390b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
ecae484451cedb15efa13ba6f89a1c584eb95c494611453e008871f68cccd494
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e97535-e9"
accept-ranges
bytes
content-length
233
date
Fri, 18 Oct 2024 10:23:12 GMT
content-type
application/json
last-modified
Tue, 17 Sep 2024 12:25:25 GMT
favicon.ico
pd.promotiondigitale.ch/
117 KB
118 KB
Other
General
Full URL
https://pd.promotiondigitale.ch/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
d8c8a01f4b0db9a945cb13bd9f3ac84c3cd5e61aa9b66ee34a4c48f064230b81
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e18ce2-1d5b8"
accept-ranges
bytes
content-length
120248
date
Fri, 18 Oct 2024 10:23:12 GMT
content-type
image/x-icon
last-modified
Wed, 11 Sep 2024 12:28:18 GMT
graphql
pd-backend.promotiondigitale.ch/api/v1/ Frame
0
0
Preflight
General
Full URL
https://pd-backend.promotiondigitale.ch/api/v1/graphql
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-xsrf-token
Access-Control-Request-Method
POST
Origin
https://pd.promotiondigitale.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, x-xsrf-token
access-control-allow-methods
POST
access-control-allow-origin
https://pd.promotiondigitale.ch
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Fri, 18 Oct 2024 10:23:13 GMT
expires
0
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
graphql
pd-backend.promotiondigitale.ch/api/v1/
201 KB
202 KB
Fetch
General
Full URL
https://pd-backend.promotiondigitale.ch/api/v1/graphql
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/assets/index-ef89390b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
77b1b5d8e06cd5db8f0855bd1d36528b639500995a1746afc7babf5986c433bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

x-xsrf-token
undefined
Referer
https://pd.promotiondigitale.ch/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed
content-type
application/json

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
f8f7a947-ddaa-423c-aaf1-cc87bdb12581
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
0
access-control-allow-origin
https://pd.promotiondigitale.ch
content-length
206200
date
Fri, 18 Oct 2024 10:23:13 GMT
x-xss-protection
0
content-type
application/json;charset=utf-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
graphql
pd-backend.promotiondigitale.ch/api/v1/
10 KB
10 KB
Fetch
General
Full URL
https://pd-backend.promotiondigitale.ch/api/v1/graphql
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/assets/index-ef89390b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
b993470f19d37ee08a651ff1a4afb5e95b2be4d189bf720ade266211ede31216
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

x-xsrf-token
50ae7a85-e296-484b-b42a-60896d975337
Referer
https://pd.promotiondigitale.ch/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed
content-type
application/json

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
c9b23c6d-58ec-4f56-9bb6-793a55c7695b
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
0
access-control-allow-origin
https://pd.promotiondigitale.ch
content-length
9824
date
Fri, 18 Oct 2024 10:23:13 GMT
x-xss-protection
0
content-type
application/json;charset=utf-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
TxMPN9DptXg
www.youtube.com/embed/ Frame 7CD2
0
0
Document
General
Full URL
https://www.youtube.com/embed/TxMPN9DptXg?rel=0
Requested by
Host: pd.promotiondigitale.ch
URL: https://pd.promotiondigitale.ch/assets/index-ef89390b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pd.promotiondigitale.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Fri, 18 Oct 2024 10:23:14 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
success-factors-public-header-illustration-7790cd71.svg
pd.promotiondigitale.ch/assets/
445 KB
446 KB
Image
General
Full URL
https://pd.promotiondigitale.ch/assets/success-factors-public-header-illustration-7790cd71.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
7790cd711dca9be77197e878f5ca42c3021de2fc8be08f4b2cccb0077d4fe46b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e18da0-6f3bd"
accept-ranges
bytes
content-length
455613
date
Fri, 18 Oct 2024 10:23:13 GMT
content-type
image/svg+xml
last-modified
Wed, 11 Sep 2024 12:31:28 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pd.promotiondigitale.ch
Referer
https://fonts.googleapis.com/

Response headers

age
197281
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 03:35:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 03:35:13 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pd.promotiondigitale.ch
Referer
https://fonts.googleapis.com/

Response headers

age
303053
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 14 Oct 2025 22:12:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 22:12:21 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pd.promotiondigitale.ch
Referer
https://fonts.googleapis.com/

Response headers

age
297972
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 14 Oct 2025 23:37:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 23:37:02 GMT
last-modified
Thu, 01 Aug 2024 20:41:19 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18492
x-xss-protection
0
server
sffe
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8194912ab7d02d3b021a112f3d7800385f5ca90af713763c66ddd08e41d6e00

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/jpeg
truncated
/
27 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31a0def3069638853ebc8d020fc7b18ad839559b71c957a91fb73319d9b153a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
success-factor-tool-kids-8f62da72.jpg
pd.promotiondigitale.ch/assets/
2 MB
2 MB
Image
General
Full URL
https://pd.promotiondigitale.ch/assets/success-factor-tool-kids-8f62da72.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.149.2.181 Dachsen, Switzerland, ASN34960 (NETCETERA-AG-AS, CH),
Reverse DNS
Software
/
Resource Hash
8f62da72687abaea874dfca78bfaab6f541ff697938b94746846441069651c84
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pd.promotiondigitale.ch/pub/sft?lang=fr

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
etag
"66e18da0-21503f"
accept-ranges
bytes
content-length
2183231
date
Fri, 18 Oct 2024 10:23:14 GMT
content-type
image/jpeg
last-modified
Wed, 11 Sep 2024 12:31:28 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| __MUI_LICENSE_INFO__ function| saveAs

4 Cookies

Domain/Path Name / Value
.promotiondigitale.ch/ Name: XSRF-TOKEN
Value: 50ae7a85-e296-484b-b42a-60896d975337
.youtube.com/ Name: YSC
Value: hwNmyowApG8
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: SbxFIK226xs
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDSBIEGgAgPA%3D%3D

2 Console Messages

Source Level URL
Text
security error URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr(Line 31)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-4y/gEB2/KIwZFTfNqwXJq4olzvmQ0S214m9jwKgNXoc='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://pd.promotiondigitale.ch/pub/sft?lang=fr(Line 32)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src 'self' https://www.google.com https://www.gstatic.com; connect-src 'self' *.promotion-digitale.test.netcetera.com *.promotion-digitale.int-test.netcetera.com *.promotiondigitale.ch; script-src-elem 'self' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' https://www.google.com https://www.gstatic.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com; font-src https://fonts.gstatic.com/; form-action 'self'; object-src 'none'; base-uri 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains