urlscan.io logo urlscan.io
SecurityTrails logo

identity.app.anova.com Open in urlscan Pro
2620:1ec:48::44  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://identity.unify.anova.com/
Effective URL: https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Submission: On August 27 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2620:1ec:48::44, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is identity.app.anova.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on August 20th 2021. Valid for: a year.
This is the only time identity.app.anova.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 2620:1ec:48::44 8068 (MICROSOFT...)
7 1
Apex Domain
Subdomains		 Transfer
9 anova.com
identity.unify.anova.com
identity.app.anova.com
839 KB
7 1
Domain Requested by
7 identity.app.anova.com identity.app.anova.com
2 identity.unify.anova.com 2 redirects
7 2

This site contains no links.

Subject Issuer Validity Valid
identity.app.anova.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-20 -
2022-08-20		 a year crt.sh

This page contains 1 frames:

Primary Page: https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Frame ID: 3B459E738EE0666133CA5F8CD1EA25A5
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anova Base - Log in to your account

Page URL History Show full URLs

  1. https://identity.unify.anova.com/ HTTP 302
    https://identity.unify.anova.com/Identity/Account/Manage HTTP 302
    https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage Page URL

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

838 kB
Transfer

1154 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://identity.unify.anova.com/ HTTP 302
    https://identity.unify.anova.com/Identity/Account/Manage HTTP 302
    https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
identity.app.anova.com/Account/
Redirect Chain
  • https://identity.unify.anova.com/
  • https://identity.unify.anova.com/Identity/Account/Manage
  • https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
32a55b065a859d921cd94ea01a304edfad13c8668c5ff8ab37f863819c51bdcc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
identity.app.anova.com
:scheme
https
:path
/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cache-control
no-cache, no-store
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
set-cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0; path=/; samesite=strict; httponly .AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
referrer-policy
no-referrer
x-envoy-upstream-service-time
3
x-cluster-id
ue
x-xss-protection
1; mode=block
x-download-options
noopen
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
x-cache
CONFIG_NOCACHE
x-azure-ref
0mNAoYQAAAABq97M+Nq56QaAAq6aSWwr3TE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
date
Fri, 27 Aug 2021 11:46:32 GMT

Redirect headers

location
https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-envoy-upstream-service-time
1
x-cluster-id
ue
x-frame-options
deny
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer
x-download-options
noopen
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
x-cache
CONFIG_NOCACHE
x-azure-ref
0mNAoYQAAAAD50puU1srzR76CjgJwsSvKTE9OMjFFREdFMDEyMQBlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
date
Fri, 27 Aug 2021 11:46:31 GMT
content-length
0
anova.css
identity.app.anova.com/dist/css/ 		173 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/dist/css/anova.css
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f3a241e275996d78132f4d4d80e2359f72f66c351a23bfc4a81969e03dec7713
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/css/anova.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
content-encoding
gzip
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e101b672"
x-download-options
noopen
x-azure-ref
0mNAoYQAAAAD0+RCJwYekTrzbVZAExHiaTE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
text/css
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT
logo-anova.svg
identity.app.anova.com/dist/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://identity.app.anova.com/dist/images/logo-anova.svg
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1a53f5655d3584486505406d9f786def64b65d5e1bcdc0aa5e15de2300deea66
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/images/logo-anova.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1750
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e10303d6"
x-download-options
noopen
x-azure-ref
0mNAoYQAAAACOtpSDT5HTS6GqP/Gq0qSGTE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
image/svg+xml
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT
anova.js
identity.app.anova.com/dist/js/ 		285 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/dist/js/anova.js
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
75ae9949abaab92547a758a83c85577cbb371f62ca7c5c505b54785e689312cc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/js/anova.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
content-encoding
gzip
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e1077783"
x-download-options
noopen
x-azure-ref
0mNAoYQAAAAB9KjFYd7jPQZet3yLKM3AlTE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
application/javascript
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT
WorkSans-SemiBold.ttf
identity.app.anova.com/dist/fonts/ 		230 KB
230 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/dist/fonts/WorkSans-SemiBold.ttf
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/dist/css/anova.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d0c1d6532cdc10deb011b3461c748aa3c440becf6181eb442bfadadea9ca313d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/fonts/WorkSans-SemiBold.ttf
pragma
no-cache
origin
https://identity.app.anova.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://identity.app.anova.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains
content-length
235120
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e1009370"
x-download-options
noopen
x-azure-ref
0mdAoYQAAAAC57ltZVAcmQJ4D55qAFy9TTE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
application/x-font-ttf
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT
WorkSans-Medium.ttf
identity.app.anova.com/dist/fonts/ 		230 KB
230 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/dist/fonts/WorkSans-Medium.ttf
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/dist/css/anova.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
82d95df022e9f283deb50820d1ab66a8856f12c8e6b470e36dee585f607f83ad
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/fonts/WorkSans-Medium.ttf
pragma
no-cache
origin
https://identity.app.anova.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://identity.app.anova.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
235168
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e10093a0"
x-download-options
noopen
x-azure-ref
0mdAoYQAAAAALWTKgstPQTrcFol54lUr/TE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
application/x-font-ttf
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT
WorkSans-Regular.ttf
identity.app.anova.com/dist/fonts/ 		229 KB
230 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.app.anova.com/dist/fonts/WorkSans-Regular.ttf
Requested by
Host: identity.app.anova.com
URL: https://identity.app.anova.com/dist/css/anova.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
402d5a357b1775e1c389c78fbe3f640c1a66de6ec6da7c49ffda3fc8602774c1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

:path
/dist/fonts/WorkSans-Regular.ttf
pragma
no-cache
origin
https://identity.app.anova.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
identity.app.anova.com
cookie
.AspNetCore.Antiforgery.58Afi2HsCSg=CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://identity.app.anova.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cluster-id
ue
content-security-policy
default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains
content-length
234664
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 25 Aug 2021 09:37:54 GMT
x-frame-options
deny
etag
"1d79994e10091a8"
x-download-options
noopen
x-azure-ref
0mdAoYQAAAADyctQh970vQaOM800OPZzsTE9OMjFFREdFMDEwOABlMTUxNDEzYy1jMmI3LTRmNjAtODRkMS03YmNkMmRmMGE1OTE=
content-type
application/x-font-ttf
feature-policy
camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
accept-ranges
bytes
date
Fri, 27 Aug 2021 11:46:32 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| regeneratorRuntime

1 Cookies

Domain/Path Name / Value
identity.app.anova.com/ Name: .AspNetCore.Antiforgery.58Afi2HsCSg
Value: CfDJ8HfyDLmkTL5IqKzdOIEMWvhARJG0bkRZV3c6HeedDmNRfnseDSCLUWnlUevWUXO5NEqH5D_flmMUk3zT-jfXzZ8R9g7ZnBlg30SqzmKbhYKhPqkKsGzvy7Gzu1FV38qYguAgYdOV8D4Wp3yNeox4ed0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' www.google-analytics.com 'sha256-HdK1dA16hCC0jFxEh4MYNpiKNOuF0JP7097oMoqCKxc=' 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo=' 'sha256-o9YqryvYsqgDW0dwRml5lTp2xj7JFP318EeoJJNQS94=' 'sha256-k2NrKNrO/UbHsZ8hcsY1H55gs3PKWST2KIiWNr931v8='; style-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; font-src 'self' fonts.googleapis.com 'sha256-pyVPiLlnqL9OWVoJPs/E6VVF5hBecRzM2gBiarnaqAo='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self' https://identity.app.anova.com https://unify.anova.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block