URL: https://content.bill.design/
Submission: On December 17 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 28 HTTP transactions. The main IP is 52.208.141.225, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is content.bill.design.
TLS certificate: Issued by R3 on December 17th 2021. Valid for: 3 months.
This is the only time content.bill.design was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 14 52.208.141.225 16509 (AMAZON-02)
1 2a04:4e42:600... 54113 (FASTLY)
5 35.188.42.15 15169 (GOOGLE)
2 52.30.132.97 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 52.218.41.248 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
28 7
Domain Requested by
14 content.bill.design 1 redirects content.bill.design
browser.sentry-cdn.com
5 sentry.io browser.sentry-cdn.com
4 fonts.gstatic.com fonts.googleapis.com
2 api.zeroheight.com browser.sentry-cdn.com
1 zeroheight-user-uploads.s3-eu-west-1.amazonaws.com
1 zeroheight.s3-eu-west-1.amazonaws.com content.bill.design
1 fonts.googleapis.com content.bill.design
1 browser.sentry-cdn.com content.bill.design
28 8

This site contains links to these domains. Also see Links.

Domain
terms.zeroheight.com
zeroheight.com
Subject Issuer Validity Valid
content.bill.design
R3
2021-12-17 -
2022-03-17
3 months crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021
2021-11-26 -
2022-12-28
a year crt.sh
sentry.io
DigiCert SHA2 Secure Server CA
2020-06-02 -
2022-06-07
2 years crt.sh
*.api.zeroheight.com
Amazon
2021-11-01 -
2022-11-29
a year crt.sh
upload.video.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.s3-eu-west-1.amazonaws.com
Amazon
2021-03-26 -
2022-03-08
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh

This page contains 1 frames:

Primary Page: https://content.bill.design/
Frame ID: AFA8BC34530CE5EBA6B7068E8B5A81E6
Requests: 27 HTTP requests in this frame

Screenshot

Page Title

Bill.com Content Style Guide

Detected technologies

Overall confidence: 100%
Detected patterns
  • <script[^>]*src="[^"]*browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /(?:([\d.])+/)?highlight(?:\.min)?\.js

Page Statistics

28
Requests

96 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

1618 kB
Transfer

5982 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://content.bill.design/uploads/aoUBiGEv1UQ7MBpS9RMh0A.svg HTTP 302
  • https://zeroheight-user-uploads.s3-eu-west-1.amazonaws.com/images/aoUBiGEv1UQ7MBpS9RMh0A.svg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJXTVUC4XZENV3LPQ%2F20211217%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20211217T111919Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=2bf5861e4317392ba16cbe816f94fe730a8a2e3b142bde812c0e683fedf2cdfb

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
content.bill.design/
14 KB
6 KB
Document
General
Full URL
https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
00815690beca76580879bcc2255958b3ed7714af960977ee409fea245b9c3962
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Fri, 17 Dec 2021 11:19:18 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
ETag
W/"8629e293f61db63ff165a6eb03af2089"
Cache-Control
max-age=0, private, must-revalidate
X-Request-Id
74e0ed16-4655-4618-a652-1296ead61f7c
X-Runtime
0.295942
X-Frame-Options
sameorigin
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Content-Encoding
gzip
plugin-c9a4f278f19eddf637a59e87ac046777dcd30c988dd9209d371564f8264023a1.css
content.bill.design/the-other-assets/
43 KB
10 KB
Stylesheet
General
Full URL
https://content.bill.design/the-other-assets/plugin-c9a4f278f19eddf637a59e87ac046777dcd30c988dd9209d371564f8264023a1.css
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e1d51a98095f83cc97558ea3ce4ddc008561b7d4942fa05076a9b6a09727c130

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
W/"61bc5bdd-ac64"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
style.css
content.bill.design/zhapp/1.5.9.1102/
424 KB
82 KB
Stylesheet
General
Full URL
https://content.bill.design/zhapp/1.5.9.1102/style.css
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d860a41e01b713d060a045b2e4e21e1006e402ae06373f0e2e66f7c86d12a590

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Dec 2021 09:44:30 GMT
Server
nginx
ETag
W/"61bc5bfe-69e5c"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
SpaceGrotesk.css
content.bill.design/fonts/
635 B
865 B
Stylesheet
General
Full URL
https://content.bill.design/fonts/SpaceGrotesk.css
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9d6bc673da8459803b24621dd2a278e425c6aca2b32490c46c20163b1849d6db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
"61bc5bdd-27b"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
635
bundle.min.js
browser.sentry-cdn.com/6.9.0/
69 KB
21 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
68d1336631cb48dc0d49b9ef0f7018b1f5d352972d9431d9cb538ce9e4d09f84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://content.bill.design/
Origin
https://content.bill.design
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 11:19:19 GMT
content-encoding
gzip
last-modified
Mon, 12 Jul 2021 09:57:30 GMT
server
Fastly
age
4937808
etag
"5dfa95365c77257a685f8d453e654b86"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
21712
expires
Fri, 21 Oct 2022 07:42:30 GMT
highlight.min.js
content.bill.design/
45 KB
19 KB
Script
General
Full URL
https://content.bill.design/highlight.min.js
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fc17e22241e51e856285975ce9316e8fb3262744d6716b0c5e4783170862d33c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
W/"61bc5bdd-b3b3"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
app.js
content.bill.design/zhapp/1.5.9.1102/
5 MB
1 MB
Script
General
Full URL
https://content.bill.design/zhapp/1.5.9.1102/app.js
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
412422dd290b9d04f0a989c62e2487c350ad56516e741e73d410b1bf6e63f916

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Dec 2021 09:44:29 GMT
Server
nginx
ETag
W/"61bc5bfd-48a82c"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
/
sentry.io/api/1297203/envelope/
2 B
409 B
Fetch
General
Full URL
https://sentry.io/api/1297203/envelope/?sentry_key=2cda59db5cb04520a5bffe1736d73cee&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://content.bill.design
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
view
api.zeroheight.com/
0
0
Preflight
General
Full URL
https://api.zeroheight.com/view
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.132.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-132-97.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://content.bill.design
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 17 Dec 2021 11:19:19 GMT
content-type
application/json
content-length
1
x-amzn-requestid
bcd8e88a-47fc-4f83-b239-43918c7f3a2c
access-control-allow-origin
https://content.bill.design
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
x-amz-apigw-id
KfbIuEAbDoEFkQQ=
access-control-allow-methods
OPTIONS,POST
latest_version_number
content.bill.design/api/
49 B
1 KB
XHR
General
Full URL
https://content.bill.design/api/latest_version_number
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
090e2fff18ec778438dd8fc7449dec61d8ca23dbe3b57d144da6cc1985c3f40a
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://content.bill.design/
X-CSRF-Token
MtApm6LQPZEhxcEJaptuxZz8xNVXcFsxWIUYSsOUhByr/duML4B+qLelo3zql6YTe+mgdz3gl4kR9psbjwb0AA==
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
Authorization
Token token="l6omzIGaBDvm-h2kKA84Hg"
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
f9f0f6fd-763c-47bf-be61-cda285c54930
X-Runtime
0.005036
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
ETag
W/"045e55f3ec0322153d56c4fe5b98f1bf"
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
spin.gif
content.bill.design/images/zhapp/
31 KB
31 KB
Image
General
Full URL
https://content.bill.design/images/zhapp/spin.gif
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
00ce3cf487e823d14a89eab41ece2d3deadb0545ab404cacc2a22ecd796b04ae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
"61bc5bdd-7c9f"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31903
full-logo-350.png
content.bill.design/images/zhapp/
9 KB
9 KB
Image
General
Full URL
https://content.bill.design/images/zhapp/full-logo-350.png
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
42c00a91566d54e8b87465709fcb882fca52e6354a334101b34c318830282b87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
"61bc5bdd-2419"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9241
multidrag.png
content.bill.design/images/zhapp/
523 B
754 B
Image
General
Full URL
https://content.bill.design/images/zhapp/multidrag.png
Requested by
Host: content.bill.design
URL: https://content.bill.design/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
92f9c5adcb1361309d91e0587b85b10fa3279396e9aa791f2759e7be5514c3eb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Last-Modified
Fri, 17 Dec 2021 09:43:57 GMT
Server
nginx
ETag
"61bc5bdd-20b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
523
/
sentry.io/api/1297203/envelope/
2 B
409 B
Fetch
General
Full URL
https://sentry.io/api/1297203/envelope/?sentry_key=2cda59db5cb04520a5bffe1736d73cee&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://content.bill.design
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
/
sentry.io/api/1297203/envelope/
2 B
409 B
Fetch
General
Full URL
https://sentry.io/api/1297203/envelope/?sentry_key=2cda59db5cb04520a5bffe1736d73cee&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://content.bill.design
access-control-expose-headers
x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
load_blocks
content.bill.design/api/styleguide/
28 KB
4 KB
XHR
General
Full URL
https://content.bill.design/api/styleguide/load_blocks
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0471e7ef0a708bb96b2949aa8e903c261ee6707b79a069ca9c45b9ec483bbdb4
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

X-CSRF-Token
MtApm6LQPZEhxcEJaptuxZz8xNVXcFsxWIUYSsOUhByr/duML4B+qLelo3zql6YTe+mgdz3gl4kR9psbjwb0AA==
Accept-Language
de-DE,de;q=0.9
Authorization
Token token="l6omzIGaBDvm-h2kKA84Hg"
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
*/*
Referer
https://content.bill.design/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
da253c31-543b-4d23-bfc1-aa9e15aaaef7
X-Runtime
0.136670
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
ETag
W/"5f8315e6b7c7813fe2427386d5960c1a"
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
load_pages
content.bill.design/api/styleguide/
544 KB
50 KB
XHR
General
Full URL
https://content.bill.design/api/styleguide/load_pages
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4f09114af58b4b327826e8e93e45f286d94c3ed00eaf6059ba48ec0dc5967767
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

X-CSRF-Token
MtApm6LQPZEhxcEJaptuxZz8xNVXcFsxWIUYSsOUhByr/duML4B+qLelo3zql6YTe+mgdz3gl4kR9psbjwb0AA==
Accept-Language
de-DE,de;q=0.9
Authorization
Token token="l6omzIGaBDvm-h2kKA84Hg"
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
*/*
Referer
https://content.bill.design/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
e3680fcc-7702-45bb-a027-863e8f530636
X-Runtime
0.203392
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
ETag
W/"e965f652863bfcde644d12ca32245ab1"
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
published_releases
content.bill.design/api/styleguide/58278/
36 B
1 KB
XHR
General
Full URL
https://content.bill.design/api/styleguide/58278/published_releases
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.141.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-141-225.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cc3b4ffee8c8f1e62a17ebb1653ed2d9b98a86fd33fd0ad91c048df6cb2b257f
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://content.bill.design/
X-CSRF-Token
MtApm6LQPZEhxcEJaptuxZz8xNVXcFsxWIUYSsOUhByr/duML4B+qLelo3zql6YTe+mgdz3gl4kR9psbjwb0AA==
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
Authorization
Token token="l6omzIGaBDvm-h2kKA84Hg"
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
0c8c8bd8-94e9-46af-9659-d84552907366
X-Runtime
0.019643
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
ETag
W/"59e20440320c032b5645409ae4bb9682"
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Barlow:100,200,300,400,500,600,700,800,900
Requested by
Host: content.bill.design
URL: https://content.bill.design/zhapp/1.5.9.1102/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ce48ce6f0f5bf4b1f6e8430d5d5b44c32c965baef2a686df03324b4dc24e013e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Dec 2021 11:05:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 17 Dec 2021 11:19:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Dec 2021 11:19:19 GMT
view
api.zeroheight.com/
28 B
381 B
Fetch
General
Full URL
https://api.zeroheight.com/view
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.132.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-132-97.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a55cdbdee33189e33d7d91aee0487d88a6d5ba6b4e457859bfe2239ce671565f

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
Authorization
Token token="l6omzIGaBDvm-h2kKA84Hg"
Content-Type
application/json

Response headers

date
Fri, 17 Dec 2021 11:19:19 GMT
mode
cors
referrer-policy
no-referrer
access-control-allow-headers
Content-Type
x-amzn-requestid
06d635d2-4d7d-4aea-934e-d8a18476b1a4
credentials
omit
access-control-allow-methods
OPTIONS,POST,GET
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61bc7237-3512e5b900ce526f18639e7a;Sampled=0
access-control-allow-credentials
true
x-amz-apigw-id
KfbIvEcfjoEFROg=
content-length
28
/
sentry.io/api/1297203/envelope/
2 B
409 B
Fetch
General
Full URL
https://sentry.io/api/1297203/envelope/?sentry_key=2cda59db5cb04520a5bffe1736d73cee&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://content.bill.design
access-control-expose-headers
x-sentry-rate-limits, retry-after, x-sentry-error
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
/
sentry.io/api/1297203/envelope/
2 B
409 B
Fetch
General
Full URL
https://sentry.io/api/1297203/envelope/?sentry_key=2cda59db5cb04520a5bffe1736d73cee&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.9.0/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://content.bill.design/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://content.bill.design
access-control-expose-headers
x-sentry-rate-limits, retry-after, x-sentry-error
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
logo.png
zeroheight.s3-eu-west-1.amazonaws.com/zeroheight-huddle/logos/36530/58278/
5 KB
5 KB
Image
General
Full URL
https://zeroheight.s3-eu-west-1.amazonaws.com/zeroheight-huddle/logos/36530/58278/logo.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJXTVUC4XZENV3LPQ%2F20211217%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20211217T111918Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=034846e7187fb07f4799cb65e69dd15d381b14b0859fdc01168458ba7723c641
Requested by
Host: content.bill.design
URL: https://content.bill.design/94b48113c/p/01cb7a-billcom-content-style-guide
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.41.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-eu-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
f40872881c9f0f3b651004060cded36a768d2123145faf162f624169626120d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:20 GMT
Last-Modified
Fri, 23 Apr 2021 18:22:56 GMT
Server
AmazonS3
x-amz-request-id
1Z4RYCJKN5FVPVFA
ETag
"723f5b990e165d09793b5333b202487c"
Content-Type
image/png
x-amz-version-id
rD9u75Lc96U1WRdOrvLIPcNf.ZDHxuVm
Accept-Ranges
bytes
Content-Length
4723
x-amz-id-2
m2lTdujw5rCXCpmRRB/iHqMCk45D2Q10+SNnSxe3ehq45sjAj0zaRp/DLf+dfhuqytElXPTg9qI=
7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v5/
20 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://content.bill.design
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 21:51:56 GMT
x-content-type-options
nosniff
age
221243
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20444
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:04:46 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 21:51:56 GMT
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://content.bill.design
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:01:25 GMT
x-content-type-options
nosniff
age
173874
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21080
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:05:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 11:01:25 GMT
7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/
20 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://content.bill.design
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 10:55:09 GMT
x-content-type-options
nosniff
age
260650
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20348
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:07:49 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 10:55:09 GMT
aoUBiGEv1UQ7MBpS9RMh0A.svg
zeroheight-user-uploads.s3-eu-west-1.amazonaws.com/images/
Redirect Chain
  • https://content.bill.design/uploads/aoUBiGEv1UQ7MBpS9RMh0A.svg
  • https://zeroheight-user-uploads.s3-eu-west-1.amazonaws.com/images/aoUBiGEv1UQ7MBpS9RMh0A.svg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJXTVUC4XZENV3LPQ%2F20211217%2Feu-west-1%2Fs3%2Faws...
31 KB
31 KB
Image
General
Full URL
https://zeroheight-user-uploads.s3-eu-west-1.amazonaws.com/images/aoUBiGEv1UQ7MBpS9RMh0A.svg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJXTVUC4XZENV3LPQ%2F20211217%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20211217T111919Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=2bf5861e4317392ba16cbe816f94fe730a8a2e3b142bde812c0e683fedf2cdfb
Protocol
HTTP/1.1
Server
52.218.41.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-eu-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
804716d32a0c9ef02b4b0b336c83dae5cade784acc0b72ed5ea1cb5f9d69b096

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://content.bill.design/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 17 Dec 2021 11:19:20 GMT
Last-Modified
Tue, 31 Aug 2021 21:48:46 GMT
Server
AmazonS3
x-amz-request-id
1Z4V38B74GZP03HM
ETag
"bfae7b4a044a827913a298f6f2ab6fdc"
Content-Type
image/svg+xml
x-amz-version-id
null
Accept-Ranges
bytes
Content-Length
31277
x-amz-id-2
IypPHzOOvYOaxv4fRPbCHg7w01vhosdyi84iYQNLsrRPdYbJj7ClWXR/OB/lDHCUoCI63+f6CZE=

Redirect headers

Date
Fri, 17 Dec 2021 11:19:19 GMT
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
48c264ad-7c2d-4425-a2b6-9713aaaca3c5
X-Runtime
0.005379
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=utf-8
Location
https://zeroheight-user-uploads.s3-eu-west-1.amazonaws.com/images/aoUBiGEv1UQ7MBpS9RMh0A.svg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJXTVUC4XZENV3LPQ%2F20211217%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20211217T111919Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=2bf5861e4317392ba16cbe816f94fe730a8a2e3b142bde812c0e683fedf2cdfb
Cache-Control
no-cache
Content-Security-Policy
default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v5/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E30-8s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Barlow:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://content.bill.design
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:14:08 GMT
x-content-type-options
nosniff
age
227111
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21072
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:05:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 20:14:08 GMT

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| forgeryToken boolean| showCookieBanner string| cookieBannerAccentColor string| cookieBannerLinkColor object| Sentry object| __SENTRY__ string| APP_VERSION string| APP_MODE object| USER_INFO object| AVAILABLE_PLANS object| USER_ATTACHMENTS_WHITELIST number| USER_ATTACHMENTS_BATCH_LIMIT string| USER_ATTACHMENTS_MAX_FILE_SIZE string| FIGMA_CLIENT_ID string| ZEPLIN_CLIENT_ID boolean| KEEP_OPEN object| styleguideDetails string| STRIPE_KEY object| hljs object| SENTRY_RELEASE object| regeneratorRuntime object| Backbone object| scCGSHMRCache function| Quill object| less object| jsonlint boolean| loadingFigmaImages

3 Cookies

Domain/Path Name / Value
content.bill.design/ Name: loc_code
Value: DE
.bill.design/ Name: viewer_uid
Value: RlcvaFJaMEhNdlJNWlBXUWFqcm9XTVdPQndjR3BhdkxNVnJkYmw3QnR3bz0tLVVpOERTaEIwM2dGSXlla09hcDlJRVE9PQ%3D%3D--f588cd4ab37e5a84ad2a7843568bc3f5153c5cec
content.bill.design/ Name: _zeroheight_session
Value: OXFXdHBYL0I4YUl4YS8zZjk2K1ZjY0FCU1FIWllZN3IzMEVaQ1FnYUdCQ3BYYUkyVFFIM3hZWkJsNzlMWTZkTHpYdktzaGRCTGs0QXkwcmN3dzlJTTBpb1dCVjRsdXRQUHdKa1loWmh0WlhscTdTMEhNMDBWOEhtUUp4ZHU1MFdCQ3pud3llNDZzM2gzb08zRkNoT0VRPT0tLW5zLzNtN0FRUmU5cGdPMUhkdGNnZ3c9PQ%3D%3D--14ca1bc138827faae5857cc13fe00812c4b3d320

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com https: 'self'; font-src 'self' data: script.hotjar.com https:; img-src 'self' https: data: blob: script.hotjar.com; object-src 'self' https: data:; script-src 'self' js.stripe.c 'unsafe-eval' static.hotjar.com script.hotjar.com 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.zeroheight.com
browser.sentry-cdn.com
content.bill.design
fonts.googleapis.com
fonts.gstatic.com
sentry.io
zeroheight-user-uploads.s3-eu-west-1.amazonaws.com
zeroheight.s3-eu-west-1.amazonaws.com
2a00:1450:4001:808::200a
2a00:1450:4001:810::2003
2a04:4e42:600::729
35.188.42.15
52.208.141.225
52.218.41.248
52.30.132.97
00815690beca76580879bcc2255958b3ed7714af960977ee409fea245b9c3962
00ce3cf487e823d14a89eab41ece2d3deadb0545ab404cacc2a22ecd796b04ae
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
0471e7ef0a708bb96b2949aa8e903c261ee6707b79a069ca9c45b9ec483bbdb4
090e2fff18ec778438dd8fc7449dec61d8ca23dbe3b57d144da6cc1985c3f40a
412422dd290b9d04f0a989c62e2487c350ad56516e741e73d410b1bf6e63f916
42c00a91566d54e8b87465709fcb882fca52e6354a334101b34c318830282b87
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
4f09114af58b4b327826e8e93e45f286d94c3ed00eaf6059ba48ec0dc5967767
68d1336631cb48dc0d49b9ef0f7018b1f5d352972d9431d9cb538ce9e4d09f84
804716d32a0c9ef02b4b0b336c83dae5cade784acc0b72ed5ea1cb5f9d69b096
92f9c5adcb1361309d91e0587b85b10fa3279396e9aa791f2759e7be5514c3eb
9d6bc673da8459803b24621dd2a278e425c6aca2b32490c46c20163b1849d6db
a55cdbdee33189e33d7d91aee0487d88a6d5ba6b4e457859bfe2239ce671565f
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
cc3b4ffee8c8f1e62a17ebb1653ed2d9b98a86fd33fd0ad91c048df6cb2b257f
ce48ce6f0f5bf4b1f6e8430d5d5b44c32c965baef2a686df03324b4dc24e013e
d860a41e01b713d060a045b2e4e21e1006e402ae06373f0e2e66f7c86d12a590
e1d51a98095f83cc97558ea3ce4ddc008561b7d4942fa05076a9b6a09727c130
f40872881c9f0f3b651004060cded36a768d2123145faf162f624169626120d4
fc17e22241e51e856285975ce9316e8fb3262744d6716b0c5e4783170862d33c