Submitted URL: https://botiga.albajussa.cat/
Effective URL: https://botiga.albajussa.cat/web/login
Submission: On April 27 via api from US — Scanned from AT

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 65.108.238.179, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is botiga.albajussa.cat.
TLS certificate: Issued by R3 on April 18th 2024. Valid for: 3 months.
This is the only time botiga.albajussa.cat was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 16 65.108.238.179 24940 (HETZNER-AS)
14 1
Apex Domain
Subdomains
Transfer
16 albajussa.cat
botiga.albajussa.cat
857 KB
14 1
Domain Requested by
16 botiga.albajussa.cat 2 redirects botiga.albajussa.cat
14 1

This site contains links to these domains. Also see Links.

Domain
www.odoo.com
Subject Issuer Validity Valid
botiga.albajussa.cat
R3
2024-04-18 -
2024-07-17
3 months crt.sh

This page contains 1 frames:

Primary Page: https://botiga.albajussa.cat/web/login
Frame ID: 9FFE2C8BED514454BBA99305C1127DD7
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Odoo

Page URL History Show full URLs

  1. https://botiga.albajussa.cat/ HTTP 303
    http://botiga.albajussa.cat/web HTTP 307
    https://botiga.albajussa.cat/web HTTP 303
    http://botiga.albajussa.cat/web/login HTTP 307
    https://botiga.albajussa.cat/web/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

855 kB
Transfer

2659 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://botiga.albajussa.cat/ HTTP 303
    http://botiga.albajussa.cat/web HTTP 307
    https://botiga.albajussa.cat/web HTTP 303
    http://botiga.albajussa.cat/web/login HTTP 307
    https://botiga.albajussa.cat/web/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
botiga.albajussa.cat/web/
Redirect Chain
  • https://botiga.albajussa.cat/
  • http://botiga.albajussa.cat/web
  • https://botiga.albajussa.cat/web
  • http://botiga.albajussa.cat/web/login
  • https://botiga.albajussa.cat/web/login
5 KB
3 KB
Document
General
Full URL
https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
65ee0ae1b953d54261e47f60e1b0f02b9172adab5d5b6ad1de10dfacd649b0fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-AT,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1709
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Type
text/html; charset=utf-8
Date
Sat, 27 Apr 2024 08:50:32 GMT
Keep-Alive
timeout=5, max=98
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
Strict-Transport-Security
max-age=15552000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://botiga.albajussa.cat/web/login
Non-Authoritative-Reason
HSTS
fontawesome-webfont.woff2
botiga.albajussa.cat/web/static/lib/fontawesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://botiga.albajussa.cat/web/static/lib/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Origin
https://botiga.albajussa.cat
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:32 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Connection
Keep-Alive
Content-Length
77160
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 02 Nov 2022 14:10:11 GMT
Server
Werkzeug/0.16.1 Python/3.9.18
Etag
"wzsdm-1667398211-77160-2223376861"
X-Frame-Options
sameorigin
Content-Type
font/woff2
Cache-Control
max-age=604800, public
Keep-Alive
timeout=5, max=97
Expires
Sat, 04 May 2024 08:50:32 GMT
web.assets_common.min.css
botiga.albajussa.cat/web/assets/3139-305f33e/
156 KB
26 KB
Stylesheet
General
Full URL
https://botiga.albajussa.cat/web/assets/3139-305f33e/web.assets_common.min.css
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
f58f1a2902949e4cd9758e2f7d15ef293e5bf6fa1ce13e29ec60c75075273edb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:32 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
4462ccea40a51c04ae4f7e3b4b48d10b10074e13
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=100
web.assets_frontend.min.css
botiga.albajussa.cat/web/assets/3140-1388466/
349 KB
46 KB
Stylesheet
General
Full URL
https://botiga.albajussa.cat/web/assets/3140-1388466/web.assets_frontend.min.css
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
f69912c92307e6d7edfe8576e1a9d3751ea2d383f5fbea97c04f3581458d73b7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:32 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
b65ae1969e163717cf0333a6f28a607c8f00f294
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=100
web.assets_common_minimal.min.js
botiga.albajussa.cat/web/assets/2653-2687790/
26 KB
9 KB
Script
General
Full URL
https://botiga.albajussa.cat/web/assets/2653-2687790/web.assets_common_minimal.min.js
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
d9282c61a984fbc1970567118bc4ac43df2c0b931d1ec17644c902080446466f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:32 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
7965
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
90aa6b775b03c6a19408e23ecce07afdfd9866f0
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=99
web.assets_frontend_minimal.min.js
botiga.albajussa.cat/web/assets/205-9256a4d/
3 KB
2 KB
Script
General
Full URL
https://botiga.albajussa.cat/web/assets/205-9256a4d/web.assets_frontend_minimal.min.js
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
3504f767e5737f09b72259714dc6bf82369dcd527a8c71b281bb485937007829
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1004
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
0ee951439c6eb9f6df65166aa4dda9b8351ecd0e
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=99
company_logo
botiga.albajussa.cat/web/binary/
9 KB
11 KB
Image
General
Full URL
https://botiga.albajussa.cat/web/binary/company_logo
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
154af7892608e0986c77637698ba5e6c11ae8bb600030fd582dc3b35f84ef3d4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:32 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Fri, 26 Apr 2024 16:56:43 GMT
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
"odoo-2024-04-26 16:56:43.118487-9646-298255238"
X-Frame-Options
sameorigin
Access-Control-Allow-Methods
GET, POST
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Accept-Ranges
none
Keep-Alive
timeout=5, max=100
Expires
Sat, 04 May 2024 08:50:32 GMT
Roboto-Regular.ttf
botiga.albajussa.cat/web/static/fonts/google/Roboto/
167 KB
168 KB
Font
General
Full URL
https://botiga.albajussa.cat/web/static/fonts/google/Roboto/Roboto-Regular.ttf
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/3139-305f33e/web.assets_common.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
9e79eaebefe9cb1188defba9413ad6d383cff1f0b4334f0b878634648fb70322
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/assets/3139-305f33e/web.assets_common.min.css
Origin
https://botiga.albajussa.cat
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Connection
Keep-Alive
Content-Length
170984
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 02 Nov 2022 14:10:11 GMT
Server
Werkzeug/0.16.1 Python/3.9.18
Etag
"wzsdm-1667398211-170984-1099040497"
X-Frame-Options
sameorigin
Content-Type
application/x-font-ttf
Cache-Control
max-age=604800, public
Keep-Alive
timeout=5, max=98
Expires
Sat, 04 May 2024 08:50:33 GMT
web.assets_common_lazy.min.js
botiga.albajussa.cat/web/assets/3141-1ee5877/
1 MB
324 KB
Script
General
Full URL
https://botiga.albajussa.cat/web/assets/3141-1ee5877/web.assets_common_lazy.min.js
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/205-9256a4d/web.assets_frontend_minimal.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
20b803156a178b2c2ad910d1fe9a16c3a39c4b4f7206c4ff96a6fe3062b6ff8e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
749cb24f63f0fa99837a20f72e1f097d7afb71c9
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=97
favicon.ico
botiga.albajussa.cat/web/static/img/
1 KB
2 KB
Other
General
Full URL
https://botiga.albajussa.cat/web/static/img/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
4bd1ab3d744c19286e0676a67eddb7d4a649d690589b7e7ac93c9b5a419db8b0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Connection
Keep-Alive
Content-Length
1150
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 02 Nov 2022 14:10:11 GMT
Server
Werkzeug/0.16.1 Python/3.9.18
Etag
"wzsdm-1667398211-1150-440534096"
X-Frame-Options
sameorigin
Content-Type
image/vnd.microsoft.icon
Cache-Control
max-age=604800, public
Keep-Alive
timeout=5, max=98
Expires
Sat, 04 May 2024 08:50:33 GMT
web.assets_frontend_lazy.min.js
botiga.albajussa.cat/web/assets/3142-2cc8f92/
418 KB
106 KB
Script
General
Full URL
https://botiga.albajussa.cat/web/assets/3142-2cc8f92/web.assets_frontend_lazy.min.js
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/205-9256a4d/web.assets_frontend_minimal.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
7fdad938e51289f55326b8b919a72f723fe1845f8beb2cd7984e45a206231da0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
ETag
d78edf0b9ac6213e88e46407ee9979c4f3c15c24
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
max-age=31536000
Keep-Alive
timeout=5, max=96
3f9840f92d2d22f10fb83244d7f7c08c01533309
botiga.albajussa.cat/website/translations/
73 KB
74 KB
XHR
General
Full URL
https://botiga.albajussa.cat/website/translations/3f9840f92d2d22f10fb83244d7f7c08c01533309
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/3141-1ee5877/web.assets_common_lazy.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
bf038dc736d522034fda4a988b23e9f7e324406a81f16e8ab75fe56affebd769
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
*/*
Referer
https://botiga.albajussa.cat/web/login
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Referrer-Policy
same-origin
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Server
Werkzeug/0.16.1 Python/3.9.18
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
Content-Type
application/json
Cache-Control
public, max-age=31536000
Connection
Keep-Alive
Keep-Alive
timeout=5, max=95
Content-Length
74793
X-XSS-Protection
1; mode=block
1714207833733
botiga.albajussa.cat/web/webclient/qweb/
23 KB
7 KB
Fetch
General
Full URL
https://botiga.albajussa.cat/web/webclient/qweb/1714207833733?bundle=web.assets_frontend
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/3142-2cc8f92/web.assets_frontend_lazy.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
3aa405df9a00c4aa8929553f0ce836f07007851af4fe967ff7277c1918aea28f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Werkzeug/0.16.1 Python/3.9.18
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST
Content-Type
text/xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
X-Frame-Options
sameorigin
Keep-Alive
timeout=5, max=94
3f9840f92d2d22f10fb83244d7f7c08c01533309
botiga.albajussa.cat/website/translations/
73 KB
0
Fetch
General
Full URL
https://botiga.albajussa.cat/website/translations/3f9840f92d2d22f10fb83244d7f7c08c01533309
Requested by
Host: botiga.albajussa.cat
URL: https://botiga.albajussa.cat/web/assets/3142-2cc8f92/web.assets_frontend_lazy.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
65.108.238.179 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.179.238.108.65.clients.your-server.de
Software
Werkzeug/0.16.1 Python/3.9.18 /
Resource Hash
bf038dc736d522034fda4a988b23e9f7e324406a81f16e8ab75fe56affebd769
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://botiga.albajussa.cat/web/login
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 08:50:33 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Server
Werkzeug/0.16.1 Python/3.9.18
X-Frame-Options
sameorigin
Content-Type
application/json
Cache-Control
public, max-age=31536000
Content-Length
74793
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| odoo function| ES6Promise object| version object| QWeb2 function| _renderImageOnCanvas function| _ function| moment object| owl function| $ function| jQuery function| Popper object| Util function| Alert function| Button function| Carousel function| Collapse function| Dropdown function| Modal function| Tooltip function| Popover function| ScrollSpy function| Tab function| Toast object| Select2 function| ClipboardJS number| ix object| vkbeautify function| _Markup object| luxon

3 Cookies

Domain/Path Name / Value
botiga.albajussa.cat/ Name: session_id
Value: e1594c65d9b1fa993ccc07689178a58c76a6264a
botiga.albajussa.cat/ Name: tz
Value: Europe/Vienna
botiga.albajussa.cat/ Name: frontend_lang
Value: ca_ES

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' 'unsafe-eval' *.googleapis.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.odoocdn.com;script-src *.google-analytics.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com *.odoocdn.com; object-src 'none';connect-src *.cavabeso.com http://tienda.cavabeso.com 'self';script-src-elem apis.google.com *.google-analytics.com 'self' 'unsafe-inline';frame-src *.googleapis.com 'self'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block