urlscan.io logo urlscan.io
SecurityTrails logo

dashboard.staging.sundayapp.dev Open in urlscan Pro
34.120.145.217  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth.dashboard.staging.sundayapp.dev/
Effective URL: https://dashboard.staging.sundayapp.dev/
Submission: On April 25 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 15 HTTP transactions. The main IP is 34.120.145.217, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is dashboard.staging.sundayapp.dev.
TLS certificate: Issued by R3 on March 3rd 2023. Valid for: 3 months.
This is the only time dashboard.staging.sundayapp.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
7 34.120.145.217 396982 (GOOGLE-CL...)
4 35.71.155.136 16509 (AMAZON-02)
1 13.224.189.35 16509 (AMAZON-02)
2 18.66.147.43 16509 (AMAZON-02)
15 5
1    2606:4700::6811:ab37 (United States)

ASN13335 (CLOUDFLARENET, US)
auth.dashboard.staging.sundayapp.dev
7    34.120.145.217 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 217.145.120.34.bc.googleusercontent.com
dashboard.staging.sundayapp.dev
4    35.71.155.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: a73d3afe8ff45acb7.awsglobalaccelerator.com
edge.api.flagsmith.com
1    13.224.189.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-35.fra2.r.cloudfront.net
widget.intercom.io
2    18.66.147.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-43.fra60.r.cloudfront.net
js.intercomcdn.com
Apex Domain
Subdomains		 Transfer
8 sundayapp.dev
auth.dashboard.staging.sundayapp.dev
dashboard.staging.sundayapp.dev
2 MB
4 flagsmith.com
edge.api.flagsmith.com — Cisco Umbrella Rank: 141618
2 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 5316
206 KB
1 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 3763
4 KB
0 appcues.com Failed
fast.appcues.com Failed
15 5
Domain Requested by
7 dashboard.staging.sundayapp.dev dashboard.staging.sundayapp.dev
4 edge.api.flagsmith.com dashboard.staging.sundayapp.dev
2 js.intercomcdn.com widget.intercom.io
1 widget.intercom.io dashboard.staging.sundayapp.dev
1 auth.dashboard.staging.sundayapp.dev 1 redirects
0 fast.appcues.com Failed dashboard.staging.sundayapp.dev
15 6

This site contains no links.

Subject Issuer Validity Valid
staging.sundayapp.xyz
R3		 2023-03-03 -
2023-06-01		 3 months crt.sh
edge.api.flagsmith.com
Amazon RSA 2048 M01		 2023-02-22 -
2023-12-21		 10 months crt.sh
*.intercom.com
Amazon RSA 2048 M02		 2023-02-14 -
2024-03-14		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M01		 2023-02-21 -
2024-01-29		 a year crt.sh

This page contains 2 frames:

Primary Page: https://dashboard.staging.sundayapp.dev/
Frame ID: 25842ED805F0CF24FBD934418445B937
Requests: 11 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.ebab9d7a.js
Frame ID: BB7C4E44FDB7CEC105549C170841BA11
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

sunday - venue app

Page URL History Show full URLs

  1. https://auth.dashboard.staging.sundayapp.dev/ HTTP 302
    https://dashboard.staging.sundayapp.dev/ Page URL

Page Statistics

15
Requests

93 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

1854 kB
Transfer

7430 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth.dashboard.staging.sundayapp.dev/ HTTP 302
    https://dashboard.staging.sundayapp.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
dashboard.staging.sundayapp.dev/
Redirect Chain
  • https://auth.dashboard.staging.sundayapp.dev/
  • https://dashboard.staging.sundayapp.dev/
2 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
00f2aae71e4ee3297dbb1bc9fc2f34361344e74452c8e30f60cfe2c835594871
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
content-type
text/html
date
Tue, 25 Apr 2023 13:08:17 GMT
last-modified
Tue, 25 Apr 2023 08:58:23 GMT
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
same-origin
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-rtt
6

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=60
cf-cache-status
DYNAMIC
cf-ray
7bd6d058d8279176-FRA
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 13:08:17 GMT
location
https://dashboard.staging.sundayapp.dev/
ot-baggage-auth0-request-id
7bd6d058d8279176
ot-tracer-sampled
true
ot-tracer-spanid
65bf0fde4b79e7cd
ot-tracer-traceid
320f18f837fb71bd
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-0000000000000000320f18f837fb71bd-65bf0fde4b79e7cd-01
tracestate
auth0-request-id=7bd6d058d8279176,auth0=true
vary
Accept, Accept-Encoding
x-auth0-requestid
52305cb8293cce20653d
x-content-type-options
nosniff
version.js
dashboard.staging.sundayapp.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/version.js
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.staging.sundayapp.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:17 GMT
content-encoding
gzip
referrer-policy
same-origin
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
x-rtt
6
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
config.js
dashboard.staging.sundayapp.dev/config/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/config/config.js
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
bb7870d64a41489c182158d6f207d16b4cbf57719a6e20045f0b74bf52e724c9
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.staging.sundayapp.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:17 GMT
content-encoding
br
referrer-policy
same-origin
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
last-modified
Tue, 25 Apr 2023 09:12:50 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-rtt
6
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
index-a7112ae7.js
dashboard.staging.sundayapp.dev/assets/ 		2 MB
333 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/assets/index-a7112ae7.js
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
2a204abdc117b598239835159f8c91465d22a7d7271794b40cb5a45629cc7e4a
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://dashboard.staging.sundayapp.dev/
Origin
https://dashboard.staging.sundayapp.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:17 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
referrer-policy
same-origin
last-modified
Tue, 25 Apr 2023 08:58:23 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-rtt
6
cache-control
max-age=31536000
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
expires
Wed, 24 Apr 2024 13:08:17 GMT
vendor-7317ced3.js
dashboard.staging.sundayapp.dev/assets/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/assets/vendor-7317ced3.js
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
f899bf24494db1fbf3dfa2a24f7f95fbe85e5795efabb96dc69e524b9d25c4e1
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://dashboard.staging.sundayapp.dev/
Origin
https://dashboard.staging.sundayapp.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:17 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
referrer-policy
same-origin
last-modified
Tue, 25 Apr 2023 08:58:23 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-rtt
6
cache-control
max-age=31536000
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
expires
Wed, 24 Apr 2024 13:08:17 GMT
index-d814a174.css
dashboard.staging.sundayapp.dev/assets/ 		88 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dashboard.staging.sundayapp.dev/assets/index-d814a174.css
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
d814a174ff821c14f6ab0abde4f8bb99aa6694c89e40c5162c09553f6a9da199
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.staging.sundayapp.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:17 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
referrer-policy
same-origin
last-modified
Tue, 25 Apr 2023 08:58:23 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-rtt
6
cache-control
max-age=31536000
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
expires
Wed, 24 Apr 2024 13:08:17 GMT
135886.js
fast.appcues.com/ 		0
0
/
edge.api.flagsmith.com/api/v1/flags/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://edge.api.flagsmith.com/api/v1/flags/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.155.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a73d3afe8ff45acb7.awsglobalaccelerator.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-environment-key
Access-Control-Request-Method
GET
Origin
https://dashboard.staging.sundayapp.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
*
access-control-expose-headers
x-flagsmith-document-updated-at
access-control-max-age
86400
allow
GET, HEAD, OPTIONS
content-length
0
content-type
application/json
date
Tue, 25 Apr 2023 13:08:18 GMT
server
awselb/2.0
/
edge.api.flagsmith.com/api/v1/flags/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.api.flagsmith.com/api/v1/flags/
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/assets/vendor-7317ced3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.155.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a73d3afe8ff45acb7.awsglobalaccelerator.com
Software
awselb/2.0 /
Resource Hash
58cbf8208dcf4707621ca843cd0dfdf8832324502dfffc3253432330fbd063f3

Request headers

x-environment-key
UUvV5sb2p9nje4wxNhst2c
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

aws-lambda-region
eu-west-2
date
Tue, 25 Apr 2023 13:08:18 GMT
content-encoding
gzip
aws-resource-region
eu-west-2
server
awselb/2.0
content-type
application/json
access-control-allow-origin
*
x-flagsmith-document-updated-at
1682338517.144854
cache-control
max-age=0
access-control-allow-credentials
true
access-control-expose-headers
x-flagsmith-document-updated-at
access-control-allow-headers
*
content-length
947
/
edge.api.flagsmith.com/api/v1/flags/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://edge.api.flagsmith.com/api/v1/flags/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.155.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a73d3afe8ff45acb7.awsglobalaccelerator.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-environment-key
Access-Control-Request-Method
GET
Origin
https://dashboard.staging.sundayapp.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
*
access-control-expose-headers
x-flagsmith-document-updated-at
access-control-max-age
86400
allow
GET, HEAD, OPTIONS
content-length
0
content-type
application/json
date
Tue, 25 Apr 2023 13:08:18 GMT
server
awselb/2.0
/
edge.api.flagsmith.com/api/v1/flags/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.api.flagsmith.com/api/v1/flags/
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/assets/vendor-7317ced3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.155.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a73d3afe8ff45acb7.awsglobalaccelerator.com
Software
awselb/2.0 /
Resource Hash
2770355105ef547e47dd81b27e53a25e04ef18397636249176a68903d4b03ade

Request headers

x-environment-key
UUvV5sb2p9nje4wxNhst2c
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

aws-lambda-region
eu-west-2
date
Tue, 25 Apr 2023 13:08:18 GMT
content-encoding
gzip
aws-resource-region
eu-west-2
server
awselb/2.0
content-type
application/json
access-control-allow-origin
*
x-flagsmith-document-updated-at
1682338517.144854
cache-control
max-age=0
access-control-allow-credentials
true
access-control-expose-headers
x-flagsmith-document-updated-at
access-control-allow-headers
*
content-length
952
yqh6ppps
widget.intercom.io/widget/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/yqh6ppps
Requested by
Host: dashboard.staging.sundayapp.dev
URL: https://dashboard.staging.sundayapp.dev/assets/vendor-7317ced3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4b984c2112f01b24a55cc231ce8eebed8658d1316d6b070b5fc5461cfa0d40a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
fP9beoFr1VepK3.h2kf6X8ntYQPtCwM8
content-encoding
gzip
via
1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
date
Tue, 25 Apr 2023 13:02:19 GMT
x-amz-cf-pop
FRA2-C1
age
658
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
3266
last-modified
Tue, 25 Apr 2023 12:24:14 GMT
server
AmazonS3
etag
"4b1c3023a7c289ebe6e93842d9b9a966"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=900, s-maxage=900, public
accept-ranges
bytes
x-amz-cf-id
PH_ArjT3RCiWvYM-FDQ6cVxB0UCSqKqn9gIpyxYxs_7zaR7kD4uO1A==
signup-illustration.jpeg
dashboard.staging.sundayapp.dev/ 		168 KB
168 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dashboard.staging.sundayapp.dev/signup-illustration.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.145.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
217.145.120.34.bc.googleusercontent.com
Software
/
Resource Hash
2578d07de3076f9e793ed379667891a7d628288049b0e1d3f5e06a494a16bf1b
Security Headers
Name Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.staging.sundayapp.dev/sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 13:08:18 GMT
content-security-policy
connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
171794
referrer-policy
same-origin
last-modified
Tue, 25 Apr 2023 08:58:01 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-rtt
6
cache-control
max-age=31536000
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 24 Apr 2024 13:08:18 GMT
frame-modern.ebab9d7a.js
js.intercomcdn.com/ Frame BB7C 		504 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.ebab9d7a.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yqh6ppps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6903bdf9024aa8557877674b08d4dabddd6a188d700dbe62b8a77bfef364e77d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 12:24:18 GMT
content-encoding
gzip
via
1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
x-amz-version-id
DHSZKmdc4yFm83rdso.MTfqByi3XH8DT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
2641
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
135011
last-modified
Tue, 25 Apr 2023 12:21:38 GMT
server
AmazonS3
etag
"45b2e258e63bef7ff9781d3a9b34f568"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
gZA_QqjoThNZtiDkY8w7X2LXUtYrdBwa-SDdelGtazI40z5hfI4bEQ==
vendor-modern.3bac1c8c.js
js.intercomcdn.com/ Frame BB7C 		237 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.3bac1c8c.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yqh6ppps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1f97d7b6011451ee000372405b18c26343b2326e57773b4a12e7a93d15c64441
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
_PGXdHwu4aKww3bWJiGDb4oWoJe7z.6z
content-encoding
gzip
via
1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
date
Tue, 25 Apr 2023 12:14:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
3210
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
74624
last-modified
Fri, 21 Apr 2023 14:32:47 GMT
server
AmazonS3
etag
"78755e4b2a9859725e79b8cfece2f747"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
yxeR5yPedcHVy24bMJv7WGG09HQDyaiVeyP3EkRPNlbD_erOAolJtQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fast.appcues.com
URL
https://fast.appcues.com/135886.js

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| sundayEnv object| AppcuesSettings object| DD_LOGS object| DD_RUM function| FlagsmithEventSource object| flagsmith object| _reactFireDatabaseCachedQueries object| _reactFirePreloadedObservables object| _reactFireFirestoreQueryCache object| __REACT_INTL_CONTEXT__ function| saveAs function| Intercom function| __intercomAssignLocation function| __intercomReloadLocation

2 Cookies

Domain/Path Name / Value
.auth.dashboard.staging.sundayapp.dev/ Name: __cf_bm
Value: rvl5zoRks7_s1dlZzxCrWAq7Cuo0kM70Fkndjklg_ns-1682428097-0-AR71obexlZ/hbnVdkyh/k8AYgCzlc2eKZtv9xzn5/Wfqk4MfznkG7+NvoZ9VOd4O7wGo58/08NZhTiD4qGotvq8=
dashboard.staging.sundayapp.dev/ Name: _dd_s
Value: logs=1&id=1df5a9ce-9577-4a4b-bdc2-23ffb5070ae8&created=1682428098140&expire=1682428998141

5 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
network error URL: https://dashboard.staging.sundayapp.dev/version.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://dashboard.staging.sundayapp.dev/
Message:
Refused to execute script from 'https://dashboard.staging.sundayapp.dev/version.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://dashboard.staging.sundayapp.dev/
Message:
Refused to load the script 'https://fast.appcues.com/135886.js' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy connect-src 'self' blob: https://cdn.segment.com/ https://api.segment.io/ https://in.eu2.segmentapis.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://browser-http-intake.logs.datadoghq.eu/ https://rum-http-intake.logs.datadoghq.eu/ https://session-replay.browser-intake-datadoghq.eu/ https://api.vpos.staging.sundayapp.xyz https://grpc.vpos.staging.sundayapp.xyz https://api.payment.staging.sundayapp.xyz https://api.voucher.staging.sundayapp.xyz https://api.staging.sundayapp.dev https://api.menu-back-end.staging.sundayapp.dev https://api.ordering.staging.sundayapp.xyz https://api.venues.staging.sundayapp.dev https://staging.sundayapp.in https://staging.sun-d.dev https://api.bookkeeping.staging.sundayapp.dev https://api.accounting.staging.sundayapp.dev https://api.connectors.staging.sundayapp.dev https://api.global-configuration.staging.sundayapp.xyz https://api.venue-feedback.staging.sundayapp.xyz https://api.loyalty-dispatcher.staging.sundayapp.xyz https://api.consent-manager.staging.sundayapp.xyz https://api.billing.staging.sundayapp.xyz https://api.receipt.staging.sundayapp.xyz https://api.merchant-engagement.staging.sundayapp.dev https://api.merchant-accounts.staging.sundayapp.dev https://api.vpos-venue.staging.sundayapp.xyz https://api.refresh-bill.staging.sundayapp.xyz https://hooks.zapier.com/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/sunday-staging.appspot.com/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaseinstallations.googleapis.com/v1/projects/sunday-staging/ https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-staging/ https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://securetoken.googleapis.com/v1/token https://identitytoolkit.googleapis.com/ https://widget.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io wss://nexus-websocket-a.intercom.io https://v2.convertapi.com/convert/pdf/to/jpg https://nightswatch-trial.ikentoo.com https://nightswatch.ikentoo.com https://www.google-analytics.com/ https://accounts.google.com/ https://edge.api.flagsmith.com/ https://staff-performance-cloud-function-spike-zfixig2dzq-ew.a.run.app https://merchant-dashboard-stats-zfixig2dzq-ew.a.run.app https://api.payment-terminal.staging.sundayapp.dev https://api.reconciliation.staging.sundayapp.xyz ; default-src 'self' blob: https://js.intercomcdn.com https://intercom-sheets.com/ https://intercom.help https://fonts.intercomcdn.com/ https://vars.hotjar.com/ ; img-src 'self' blob: data: https://www.google.com/images/cleardot.gif https://js.intercomcdn.com https://downloads.intercomcdn.com https://static.intercomassets.com https://*.intercom-attachments-1.com/ https://*.intercom-attachments-2.com/ https://*.intercom-attachments-3.com/ https://*.intercom-attachments-4.com/ https://*.intercom-attachments-5.com/ https://*.intercom-attachments-6.com/ https://*.intercom-attachments-7.com/ https://*.intercom-attachments-8.com/ https://*.intercom-attachments-9.com/ https://*.intercom-attachments-10.com/ https://*.intercom-attachments-11.com/ https://*.intercom-attachments-12.com/ https://firebasestorage.googleapis.com/ https://api.menu-back-end.staging.sundayapp.dev https://media.zelty.fr ; object-src 'none' ; script-src 'self' blob: 'unsafe-inline' 'sha256-uFCnwV0a5IryCZy+3xNDMxqSx+f7TRPwsJQzjZBlblw=' 'sha256-rbSoJHXNX7hCAxLOeSv/EXhxMjVnmictiH6VrXFKjUo=' 'unsafe-eval' https://widget.intercom.io/ https://js.intercomcdn.com https://static.intercomassets.com https://www.googletagmanager.com/gtag/ https://cdn.segment.com/ https://accounts.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://cdn.segment.com/ https://*.hotjar.com/ https://widget.intercom.io/ https://www.googletagmanager.com/ https://js.intercomcdn.com/ https://accounts.google.com/ ; style-src 'unsafe-inline' 'self' https://static.intercomassets.com/ https://fonts.intercomcdn.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN