URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Submission: On October 17 via api from RU — Scanned from DE

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 35 HTTP transactions. The main IP is 40.127.96.11, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is app.donorfy.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 22nd 2024. Valid for: a year.
This is the only time app.donorfy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 40.127.96.11 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
12 151.101.128.176 54113 (FASTLY)
2 142.250.74.196 15169 (GOOGLE)
1 142.250.185.131 15169 (GOOGLE)
7 2606:4700:440... 13335 (CLOUDFLAR...)
35 8
Apex Domain
Subdomains
Transfer
12 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1102
196 KB
9 donorfy.com
app.donorfy.com
2 MB
7 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1955
ka-p.fontawesome.com — Cisco Umbrella Rank: 3223
93 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
ajax.googleapis.com — Cisco Umbrella Rank: 412
108 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 3
993 B
1 gstatic.com
www.gstatic.com
218 KB
35 6
Domain Requested by
12 js.stripe.com app.donorfy.com
js.stripe.com
9 app.donorfy.com app.donorfy.com
5 ka-p.fontawesome.com kit.fontawesome.com
app.donorfy.com
3 ajax.googleapis.com app.donorfy.com
2 kit.fontawesome.com app.donorfy.com
kit.fontawesome.com
2 www.google.com app.donorfy.com
www.gstatic.com
1 www.gstatic.com www.google.com
1 fonts.googleapis.com app.donorfy.com
35 8

This site contains links to these domains. Also see Links.

Domain
blackcountrywomensaid.co.uk
policies.google.com
Subject Issuer Validity Valid
*.donorfy.com
Go Daddy Secure Certificate Authority - G2
2024-05-22 -
2025-06-22
a year crt.sh
upload.video.google.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-08-29 -
2024-12-05
3 months crt.sh
*.google.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
*.gstatic.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-30 -
2025-01-27
6 months crt.sh

This page contains 12 frames:

Primary Page: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Frame ID: 80FAF37821C0EA643BE4B99F67FFA5F4
Requests: 26 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqSewUAAAAACsWmSogwkcCXA7Yduy8-iNICQXt&co=aHR0cHM6Ly9hcHAuZG9ub3JmeS5jb206NDQz&hl=de&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=h6zl91m236u4
Frame ID: 60A03AF7B11992C34B2C93A8758B864C
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-523fb235aea6e3a3fea3c43274c47c81.html
Frame ID: 212F1398F27B68D3DB6052D996B9AD61
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Frame ID: 9FE6AE5EAC9A3AFFD57B2F3D5ECAE987
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Frame ID: 9E97B55EE34EB2149AC181BE243AFC61
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Frame ID: 609F5EAD5A6D4DFAE6BBB0B9402948CD
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-154132d81e3f9e48f07565a8812b5530.html
Frame ID: 3D845434C9F00F0EBACB58624CF8AF73
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-9e5fa6329318c73cfc2be8470f751943.html
Frame ID: 096DD90E5D56DD2E1704CD3E01932AA0
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-c017decd091335b988079766d243fa42.html
Frame ID: 7ABC9C9F6D9B4FFBF589DE70A3D42D0D
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Frame ID: 87DC5D02CBD770441D8DCC1E52D861B4
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Frame ID: 5B42D0E9520170DBA0A17A431A46322C
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Frame ID: AE51B76F12DA6566834860D8984D44C7
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Xmas give a gift that lasts donation form 2023

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

35
Requests

100 %
HTTPS

43 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

2771 kB
Transfer

8050 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Gift-that-lasts-23
app.donorfy.com/form/BRH6Q7RAO1/
1 MB
851 KB
Document
General
Full URL
https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d69c65e29a0884970b8903e2cf5e3c7723ed12b1754c1ccb8f51e95996de478c
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
private, no-transform
Connection
keep-alive
Content-Encoding
gzip
Content-Length
870401
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Content-Type
text/html; charset=utf-8
Date
Thu, 17 Oct 2024 11:14:05 GMT
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
Feature-Policy
geolocation 'none'
Permissions-Policy
geolocation=()
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
css-ui
app.donorfy.com/Content/
793 KB
180 KB
Stylesheet
General
Full URL
https://app.donorfy.com/Content/css-ui?v=I95Q700XQwbuEGGf4JH_cV0OJEge2V33qzhl-QSYlyc1
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e13c5cdce2a647d066ad7f0bd138a54647564ed9448f5e0d2b48aacf5e3d8ccf
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

Content-Encoding
gzip
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Expires
Fri, 17 Oct 2025 11:14:05 GMT
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
text/css; charset=utf-8
Last-Modified
Thu, 17 Oct 2024 11:14:05 GMT
Vary
User-Agent,Accept-Encoding
Feature-Policy
geolocation 'none'
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/
28 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,300,400,700
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fffdc576b06191be86de1a2e47f9c746ad4eba516fa121d8734bb896df541988
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 17 Oct 2024 11:14:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 17 Oct 2024 10:03:57 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.7.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

content-encoding
gzip
age
113036
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 03:50:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 03:50:09 GMT
last-modified
Tue, 12 Sep 2023 02:38:22 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30462
x-xss-protection
0
server
sffe
/
js.stripe.com/v3/
666 KB
161 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
0cb138cea783767fcdd7edd3801f21cd0cdf5e907f5ba67df5515e6974c00ee1
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

x-request-id
cf171d3e-05d2-404c-b6cb-e3cd1ece6c1a
content-encoding
br
etag
"914d53134e3f1eed28e2450470343cc0"
age
26
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 17 Oct 2024 11:14:05 GMT
last-modified
Wed, 16 Oct 2024 22:14:52 GMT
content-type
text/javascript; charset=utf-8
x-served-by
cache-fra-etou8220139-FRA
x-cache-hits
18
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
164623
server
Fastly
giftaidtransparent.png
app.donorfy.com/images/
5 KB
6 KB
Image
General
Full URL
https://app.donorfy.com/images/giftaidtransparent.png
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
07ff4efbb9285674e4469ef5d1c9519947b7d6b13e27dd7a4506f19009cd6843
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

ETag
"049dbb2deeda1:0"
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
image/png
Last-Modified
Wed, 14 Aug 2024 09:38:34 GMT
Feature-Policy
geolocation 'none'
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public,max-age=648000
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
Accept-Ranges
bytes
Content-Length
5041
X-XSS-Protection
1; mode=block
Spinner1.gif
app.donorfy.com/images/
4 KB
6 KB
Image
General
Full URL
https://app.donorfy.com/images/Spinner1.gif
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
47787b0cda14b4911d5bfc8c23989a86f8832511f11015d9b95749a08f5a84b1
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

ETag
"049dbb2deeda1:0"
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
image/gif
Last-Modified
Wed, 14 Aug 2024 09:38:34 GMT
Feature-Policy
geolocation 'none'
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public,max-age=648000
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
Accept-Ranges
bytes
Content-Length
4183
X-XSS-Protection
1; mode=block
jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/themes/smoothness/
36 KB
8 KB
Stylesheet
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/themes/smoothness/jquery-ui.css
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8473ed670b978405cb4ef7a6822385043b30107e0dae82a008326c6ed237ce51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

content-encoding
gzip
age
113918
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 03:35:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 03:35:27 GMT
last-modified
Wed, 20 Jul 2022 08:22:53 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
8444
x-xss-protection
0
server
sffe
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/
249 KB
66 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

content-encoding
gzip
age
113752
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 03:38:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 03:38:13 GMT
last-modified
Wed, 20 Jul 2022 08:22:53 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
67865
x-xss-protection
0
server
sffe
api.js
www.google.com/recaptcha/
1 KB
993 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LcqSewUAAAAACsWmSogwkcCXA7Yduy8-iNICQXt
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f4.1e100.net
Software
ESF /
Resource Hash
88c0ddab973bcba0238b3aa23e914d92df99eba6ff899e03d72b9e783c1456a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Thu, 17 Oct 2024 11:14:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Thu, 17 Oct 2024 11:14:05 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
recaptcha__de.js
www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/
547 KB
218 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LcqSewUAAAAACsWmSogwkcCXA7Yduy8-iNICQXt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
sffe /
Resource Hash
c786995bf890f9ed1a8b1f75ac9db975905b2bad0c88421ebbbc56cf62ea2327
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app.donorfy.com
Referer
https://app.donorfy.com/

Response headers

content-encoding
gzip
age
61020
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 18:17:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 18:17:05 GMT
last-modified
Mon, 07 Oct 2024 04:02:51 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
222727
x-xss-protection
0
server
sffe
jscore
app.donorfy.com/
30 KB
13 KB
Script
General
Full URL
https://app.donorfy.com/jscore?v=HC5ELAyaa8wrRYyhKzYaRWQBcm9rWUYMuMOE8a15u-41
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e9e89202cdb3c50ebb1dd391bd298cf05901321be73a2359842fadc785ec7fcf
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

Content-Encoding
gzip
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Expires
Fri, 17 Oct 2025 11:14:05 GMT
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Thu, 17 Oct 2024 11:14:05 GMT
Vary
User-Agent,Accept-Encoding
Feature-Policy
geolocation 'none'
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
Content-Length
12189
X-XSS-Protection
1; mode=block
jsother
app.donorfy.com/
422 KB
158 KB
Script
General
Full URL
https://app.donorfy.com/jsother?v=52cxbrW_Lzm5JV21UuHXIEq-UjfbybMD1VMoBnkr2PM1
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1a15af1e324d0a8f2a379affe08ee1d8d9ca53a86e4b8af7d260e7a05d257119
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

Content-Encoding
gzip
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Expires
Fri, 17 Oct 2025 11:14:05 GMT
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Thu, 17 Oct 2024 11:14:05 GMT
Vary
User-Agent,Accept-Encoding
Feature-Policy
geolocation 'none'
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
X-XSS-Protection
1; mode=block
modernizr
app.donorfy.com/bundles/
22 KB
11 KB
Script
General
Full URL
https://app.donorfy.com/bundles/modernizr?v=w9fZKPSiHtN4N4FRqV7jn-3kGoQY5hHpkwFv5TfMrus1
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4a87e4d5a949776e0197b33dbb1806748cacda1aa2afb4c2bbd7da8e6aa71fe8
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

Content-Encoding
gzip
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Expires
Fri, 17 Oct 2025 11:14:05 GMT
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Thu, 17 Oct 2024 11:14:05 GMT
Vary
User-Agent,Accept-Encoding
Feature-Policy
geolocation 'none'
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
Content-Length
10121
X-XSS-Protection
1; mode=block
Donorfy
app.donorfy.com/bundles/
3 MB
913 KB
Script
General
Full URL
https://app.donorfy.com/bundles/Donorfy?v=300XxfKfM8Af297w4YwJhs1e6M0gTMl7P6m16jdP0CM1
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b5b4b95a8456f0ee17ff4a54f057e186a954496b7616577d6b3bbeea902d4e6f
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

Content-Encoding
gzip
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Expires
Fri, 17 Oct 2025 11:14:05 GMT
Date
Thu, 17 Oct 2024 11:14:05 GMT
Content-Type
text/javascript; charset=utf-8
Last-Modified
Thu, 17 Oct 2024 11:14:05 GMT
Vary
User-Agent,Accept-Encoding
Feature-Policy
geolocation 'none'
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
X-XSS-Protection
1; mode=block
7df5ee473e.js
kit.fontawesome.com/
13 KB
5 KB
Script
General
Full URL
https://kit.fontawesome.com/7df5ee473e.js
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bb2755a11c06eab6d0672046c8107d91a8ab49d335d43e54aa32c6318b47e97

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

access-control-max-age
3000
x-request-id
F_84Y970FZ_ZHsJBov5i
cache-control
max-age=60, public, stale-while-revalidate=30
content-encoding
gzip
cf-cache-status
HIT
age
5
access-control-allow-methods
GET, OPTIONS
cf-ray
8d3fdcf2bcf8695d-FRA
access-control-allow-origin
*
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/javascript
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
server
cloudflare
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
pro.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
315 KB
53 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=7df5ee473e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7df5ee473e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
"610ae215-d3b2"
age
3874286
cf-ray
8d3fdcf31c58dbb9-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
54194
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/css
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
26 KB
4 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=7df5ee473e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7df5ee473e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
"610ae215-1062"
age
3874850
cf-ray
8d3fdcf31c6ddbb9-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
4194
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/css
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v5.15.4/css/
27 KB
3 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=7df5ee473e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7df5ee473e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
"610ae215-a2b"
age
3872914
cf-ray
8d3fdcf31c71dbb9-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2603
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/css
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
kit-upload.css
kit.fontawesome.com/7df5ee473e/55711594/
0
386 B
Fetch
General
Full URL
https://kit.fontawesome.com/7df5ee473e/55711594/kit-upload.css
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7df5ee473e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

access-control-max-age
3000
x-request-id
F_pHQ70nkj6cKoNho0bj
cf-cache-status
HIT
etag
54af53b207eef226d6511e0a88e3038e
age
1391882
access-control-allow-methods
GET, OPTIONS
date
Thu, 17 Oct 2024 11:14:05 GMT
content-type
text/css
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
cache-control
max-age=31556926, public, must-revalidate
cf-ray
8d3fdcf30e673a68-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
server
cloudflare
truncated
/
261 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
900d34223c05e1d4ceb99ddf83fd22d47851c4e04f83b872a4e4897f36f25068

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
571 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f202c2b28b04b3847ccf0bdbf87b0ae93ca5c6c282b83873912eb598589b98dd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
anchor
www.google.com/recaptcha/api2/ Frame 60A0
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqSewUAAAAACsWmSogwkcCXA7Yduy8-iNICQXt&co=aHR0cHM6Ly9hcHAuZG9ub3JmeS5jb206NDQz&hl=de&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=h6zl91m236u4
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-HhwPY7fzi496m0emJJhf_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-HhwPY7fzi496m0emJJhf_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Thu, 17 Oct 2024 11:14:06 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
pro-fa-solid-900-5.11.1.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
8 KB
8 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.11.1.woff2
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12f1a71885bf9077aca3c849b84b51fe92f36154e21a16659ceb1fbba35cae8b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app.donorfy.com
Referer
https://app.donorfy.com/

Response headers

cache-control
max-age=31556926
cf-cache-status
HIT
etag
"610ae362-2144"
age
3820047
cf-ray
8d3fdcf3ff20dbb9-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
8516
date
Thu, 17 Oct 2024 11:14:06 GMT
content-type
font/woff2
last-modified
Wed, 04 Aug 2021 18:58:42 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
pro-fa-solid-900-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/
19 KB
19 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
Requested by
Host: app.donorfy.com
URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app.donorfy.com
Referer
https://app.donorfy.com/

Response headers

cache-control
max-age=31556926
cf-cache-status
HIT
etag
"610ae35f-4d48"
age
1369317
cf-ray
8d3fdcf3ff25dbb9-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
19784
date
Thu, 17 Oct 2024 11:14:06 GMT
content-type
font/woff2
last-modified
Wed, 04 Aug 2021 18:58:39 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
controller-with-preconnect-523fb235aea6e3a3fea3c43274c47c81.html
js.stripe.com/v3/ Frame 212F
0
0
Document
General
Full URL
https://js.stripe.com/v3/controller-with-preconnect-523fb235aea6e3a3fea3c43274c47c81.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
59
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-length
403
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"523fb235aea6e3a3fea3c43274c47c81"
last-modified
Wed, 16 Oct 2024 21:34:26 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
10
x-content-type-options
nosniff
x-request-id
3d18246d-8670-4867-83c9-afbfd44e919a
x-served-by
cache-fra-etou8220094-FRA
elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
js.stripe.com/v3/ Frame 9FE6
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48683
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
516
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"301a14a8045fa8feaf19d7e2799a6ced"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
775
x-content-type-options
nosniff
x-request-id
191b2a50-f482-4dad-a846-ce25b6b11dab
x-served-by
cache-fra-etou8220094-FRA
elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
js.stripe.com/v3/ Frame 9E97
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48683
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
516
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"301a14a8045fa8feaf19d7e2799a6ced"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
775
x-content-type-options
nosniff
x-request-id
191b2a50-f482-4dad-a846-ce25b6b11dab
x-served-by
cache-fra-etou8220094-FRA
elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
js.stripe.com/v3/ Frame 609F
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-card-301a14a8045fa8feaf19d7e2799a6ced.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48683
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
516
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"301a14a8045fa8feaf19d7e2799a6ced"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
775
x-content-type-options
nosniff
x-request-id
191b2a50-f482-4dad-a846-ce25b6b11dab
x-served-by
cache-fra-etou8220094-FRA
payment-request-inner-google-pay-154132d81e3f9e48f07565a8812b5530.html
js.stripe.com/v3/ Frame 3D84
0
0
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-google-pay-154132d81e3f9e48f07565a8812b5530.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48770
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
182
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"154132d81e3f9e48f07565a8812b5530"
last-modified
Wed, 16 Oct 2024 21:34:42 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
320
x-content-type-options
nosniff
x-request-id
f1d8e19b-9af7-4f9b-8ce0-e46e4d6b9cf0
x-served-by
cache-fra-etou8220094-FRA
payment-request-inner-browser-9e5fa6329318c73cfc2be8470f751943.html
js.stripe.com/v3/ Frame 096D
0
0
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-browser-9e5fa6329318c73cfc2be8470f751943.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
30
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-length
160
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"9e5fa6329318c73cfc2be8470f751943"
last-modified
Wed, 16 Oct 2024 21:34:42 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-content-type-options
nosniff
x-request-id
cf374cd6-3505-4d6e-a9d0-d63e06d88372
x-served-by
cache-fra-etou8220094-FRA
donorfy.ico
app.donorfy.com/
15 KB
16 KB
Other
General
Full URL
https://app.donorfy.com/donorfy.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.127.96.11 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9d895b8c92d5e264bf3ebf9c2e93ac1c703deaf6eebb4761460ecde707bd5992
Security Headers
Name Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

ETag
"049dbb2deeda1:0"
Expect-CT
max-age=0, report-uri='https://donorfy.report-uri.com/r/d/ct/reportOnly'
X-Content-Type-Options
nosniff
Date
Thu, 17 Oct 2024 11:14:06 GMT
Content-Type
image/x-icon
Last-Modified
Wed, 14 Aug 2024 09:38:34 GMT
Feature-Policy
geolocation 'none'
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Cache-Control
public,max-age=648000
Connection
keep-alive
Referrer-Policy
strict-origin
Permissions-Policy
geolocation=()
Accept-Ranges
bytes
Content-Length
15086
X-XSS-Protection
1; mode=block
hcaptcha-invisible-c017decd091335b988079766d243fa42.html
js.stripe.com/v3/ Frame 7ABC
0
0
Document
General
Full URL
https://js.stripe.com/v3/hcaptcha-invisible-c017decd091335b988079766d243fa42.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-v75UZFouBpox+zsxBqwhsgxq3Ur63s6ICdmms7PBQLg='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48770
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
23853
content-security-policy
base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-v75UZFouBpox+zsxBqwhsgxq3Ur63s6ICdmms7PBQLg='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"88487b9c3f5e0c7b40bb01666ee710f6"
last-modified
Wed, 16 Oct 2024 21:34:42 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1124
x-content-type-options
nosniff
x-request-id
a6f8bb2e-51d0-4e30-a318-a211d0c3db5c
x-served-by
cache-fra-etou8220157-FRA
phone-numbers-lib-83d27e42ca1e315a3645d261b1fa8bae.js
js.stripe.com/v3/fingerprinted/js/
148 KB
35 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-83d27e42ca1e315a3645d261b1fa8bae.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
7c871ac22da030c8700eeb06ea407294892b75299cf07fb29a1f5b900e45401a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app.donorfy.com/

Response headers

x-request-id
f354cc5d-ee54-4e01-8aff-80d811dbd1b2
content-encoding
br
etag
"cb56b5378e094a41f5f71dbea0291836"
age
1447414
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 17 Oct 2024 11:14:06 GMT
last-modified
Mon, 30 Sep 2024 17:05:51 GMT
content-type
text/javascript; charset=utf-8
x-served-by
cache-fra-etou8220139-FRA
x-cache-hits
1567
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
35177
server
Fastly
elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
js.stripe.com/v3/ Frame 87DC
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48648
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
17526
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"ad3682a153108d9a9470ffb3b589ba20"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
386
x-content-type-options
nosniff
x-request-id
fc0828c7-b088-4059-be40-e1f7a3c81a5e
x-served-by
cache-fra-etou8220157-FRA
elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
js.stripe.com/v3/ Frame 5B42
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48648
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
17526
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"ad3682a153108d9a9470ffb3b589ba20"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
386
x-content-type-options
nosniff
x-request-id
fc0828c7-b088-4059-be40-e1f7a3c81a5e
x-served-by
cache-fra-etou8220157-FRA
elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
js.stripe.com/v3/ Frame AE51
0
0
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-link-button-for-card-ad3682a153108d9a9470ffb3b589ba20.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
X-Content-Type-Options nosniff

Request headers

Referer
https://app.donorfy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
48648
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
17526
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 11:14:06 GMT
etag
"ad3682a153108d9a9470ffb3b589ba20"
last-modified
Wed, 16 Oct 2024 21:34:27 GMT
origin-agent-cluster
?1
server
Fastly
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
386
x-content-type-options
nosniff
x-request-id
fc0828c7-b088-4059-be40-e1f7a3c81a5e
x-served-by
cache-fra-etou8220157-FRA

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 function| $ function| jQuery object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha function| SmartUnLoading function| getInternetExplorerVersion function| checkVersion function| isIE8orlower function| allocCString function| emCharArray function| emDoubleArray function| emExtractArray function| postArgMessage number| PROGRESS_AFTER_RANK number| PROGRESS_BEFORE_MX number| PROGRESS_WHILE_MX number| PROGRESS_AFTER_MX number| PROGRESS_AFTER_POSITION number| PROGRESS_LAYOUT_FINISH function| ColReorder object| jsBezier object| jsPlumbGeom object| jsPlumbUtil object| jsPlumbAdapter function| jsPlumbUIComponent function| OverlayCapableJsPlumbUIComponent function| jsPlumbInstance object| jsPlumb function| CanvasMouseAdapter function| CanvasComponent function| SvgEndpoint function| VmlEndpoint object| JSViz object| WorkerStopGo function| w_launch object| html5 object| Modernizr object| jvm object| Donorfy object| DonorfyForms function| nav_page_height function| check_if_mobile_width function| launchFullscreen function| runAllForms function| runAllCharts function| setup_widgets_desktop function| setup_widgets_mobile object| jsArray function| loadScript function| checkURL function| loadURL function| drawBreadCrumb function| pageSetUp function| IsNullOrEmpty function| _typeof object| respond function| introJs object| Select2 function| Dropzone object| pca string| eCancel function| moment object| echarts object| FontAwesomeKitConfig object| webpackChunkStripeJSouter function| noop function| Stripe function| ConnectedConstituentLoaded function| UI_UpdateDonationSummary function| UI_ResetPaymentMethodButtons function| UI_UpdateDonationFrequencyOnDetailsPanel function| UI_UpdateRecurringOrOneOff function| UI_UpdateDonationAmount function| UpdateEmailStatus function| UpdateMailStatus function| UpdatePhoneStatus45c7033aade649d89bd56bead6530cb4 object| disabledFieldValues function| ensureRequiredSuffix function| ensureNoRequiredSuffix function| enableImplicitInputRequirements function| enableWorkRelatedFields function| disableImplicitInputRequirements function| disableWorkRelatedFields object| closure_lm_325141 object| cardNumber object| cardExpiry object| cardCvc

0 Cookies

5 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: geolocation. Values defined in Permissions-Policy header will be used.
other warning URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://app.donorfy.com/form/BRH6Q7RAO1/Gift-that-lasts-23
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri https://donorfy.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorfylivecdn.blob.core.windows.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://donorfy.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://donorfy.zendesk.com wss://*.zopim.com https://assets.zendesk.com https://donorfyprofessional.zendesk.com *.smooch.io https://pod-29.zendesk.com wss://pod-29.zendesk.com cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.donorfy.com *.apple.com *.paypal.com *.ckeditor.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.list-manage.com *.mailchimp.com *.microsoft.com *.msecnd.net *.postcodeanywhere.co.uk *.stripe.com *.visualstudio.com blob:; font-src * blob: data:; frame-src * blob: data:; img-src * blob: data:;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
app.donorfy.com
fonts.googleapis.com
js.stripe.com
ka-p.fontawesome.com
kit.fontawesome.com
www.google.com
www.gstatic.com
142.250.185.131
142.250.74.196
151.101.128.176
2606:4700:4400::6812:2844
2a00:1450:4001:811::200a
2a00:1450:4001:82a::200a
40.127.96.11
07ff4efbb9285674e4469ef5d1c9519947b7d6b13e27dd7a4506f19009cd6843
0cb138cea783767fcdd7edd3801f21cd0cdf5e907f5ba67df5515e6974c00ee1
12f1a71885bf9077aca3c849b84b51fe92f36154e21a16659ceb1fbba35cae8b
1a15af1e324d0a8f2a379affe08ee1d8d9ca53a86e4b8af7d260e7a05d257119
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
47787b0cda14b4911d5bfc8c23989a86f8832511f11015d9b95749a08f5a84b1
4a87e4d5a949776e0197b33dbb1806748cacda1aa2afb4c2bbd7da8e6aa71fe8
7c871ac22da030c8700eeb06ea407294892b75299cf07fb29a1f5b900e45401a
8473ed670b978405cb4ef7a6822385043b30107e0dae82a008326c6ed237ce51
88c0ddab973bcba0238b3aa23e914d92df99eba6ff899e03d72b9e783c1456a6
900d34223c05e1d4ceb99ddf83fd22d47851c4e04f83b872a4e4897f36f25068
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
9bb2755a11c06eab6d0672046c8107d91a8ab49d335d43e54aa32c6318b47e97
9d895b8c92d5e264bf3ebf9c2e93ac1c703deaf6eebb4761460ecde707bd5992
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
b5b4b95a8456f0ee17ff4a54f057e186a954496b7616577d6b3bbeea902d4e6f
c786995bf890f9ed1a8b1f75ac9db975905b2bad0c88421ebbbc56cf62ea2327
d69c65e29a0884970b8903e2cf5e3c7723ed12b1754c1ccb8f51e95996de478c
e13c5cdce2a647d066ad7f0bd138a54647564ed9448f5e0d2b48aacf5e3d8ccf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e89202cdb3c50ebb1dd391bd298cf05901321be73a2359842fadc785ec7fcf
f202c2b28b04b3847ccf0bdbf87b0ae93ca5c6c282b83873912eb598589b98dd
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fffdc576b06191be86de1a2e47f9c746ad4eba516fa121d8734bb896df541988