urlscan.io logo urlscan.io
SecurityTrails logo

test.digitalpost.dk Open in urlscan Pro
80.198.95.45  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://post.demo.borger.dk/
Effective URL: https://test.digitalpost.dk/auth/test-identity-provider/login
Submission: On April 05 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 27 HTTP transactions. The main IP is 80.198.95.45, located in Vanlose, Denmark and belongs to TDC TDC AS, DK. The main domain is test.digitalpost.dk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 6th 2021. Valid for: a year.
This is the only time test.digitalpost.dk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 24 52.142.216.216 8075 (MICROSOFT...)
1 2 80.198.95.45 3292 (TDC TDC AS)
27 3
Domain Requested by
11 auth.post.demo.borger.dk 1 redirects
8 api.post.demo.borger.dk
5 post.demo.borger.dk post.demo.borger.dk
2 test.digitalpost.dk
0 fonts.googleapis.com Failed test.digitalpost.dk
0 stackpath.bootstrapcdn.com Failed test.digitalpost.dk
27 6

This site contains no links.

Subject Issuer Validity Valid
*.post.demo.borger.dk
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.test.digitalpost.dk
Sectigo RSA Domain Validation Secure Server CA		 2021-12-06 -
2022-12-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://test.digitalpost.dk/auth/test-identity-provider/login
Frame ID: 7CAAC048B592504ACBBD8AB624BE0B19
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Idp Login

Page URL History Show full URLs

  1. https://post.demo.borger.dk/ Page URL
  2. https://auth.post.demo.borger.dk/web/auth/login?returnurl=https://post.demo.borger.dk/ HTTP 302
    https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsk... HTTP 302
    https://test.digitalpost.dk/auth/test-identity-provider/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

89 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

3
IPs

2
Countries

4593 kB
Transfer

13102 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://post.demo.borger.dk/ Page URL
  2. https://auth.post.demo.borger.dk/web/auth/login?returnurl=https://post.demo.borger.dk/ HTTP 302
    https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsklient-oidc-demo-id&redirect_uri=https%3A%2F%2Fauth.post.demo.borger.dk%2Fsignin-oidc&response_type=code&scope=openid&code_challenge=OsHGN9xhkJBNmj6apx2ATGT5ny-Ffs9C_3xiPMjD9wY&code_challenge_method=S256&response_mode=form_post&nonce=637847388577256824.ZjMxN2NjMGUtODQ3Mi00MGY0LTk1M2ItYjI5ODZjNTc2MGNhZTMyMDFhMGEtNDhmZS00MjY3LWE3ZGItNDFiMzI1OGMyZjEx&state=CfDJ8BpyPmNS-RRAiRN5eAXxm3Ki65nvOmQQmPdGh9bMWCZvDetnlEw-OpMp0Dp2z5rrTROZvRT0T_E_Wqe1qwNozuHYcyk1iX8m0CLDIsUqL1s9mQ9b7fpjTkHxvcMl3TimW-rxWm-qeok9Zn0w2_ZHxpEuaU5AleLQSIXSSEdUmyzJfKJrsTt_NmXkYy4FdBF49-mN36ok_mWfiAGni4poQrwZEognMLl3VG1n5CzGQTuvT1L3yKQmiTx5M7Kemk33GTwUlffh1S_l7fKkLq9vs3QZefxKfompXiFWAb34P4Mj9odq17IivY2T9X3YJngEvoMwgJVP9Om7xskj7XJiDpc-HXNgfU8YOs4dMPb7Uu-uiKN_BEKwjFCPx3f2Ts56OyRsDzQ83miIHhjXKy2gDi-FrPjrcq-hT_PjUEK_LifsMqLrrslh70HcjGjriHDZxZPtjYmCzV_MB8KVl1B3RtmBypaf_2q3kszLslwrtZ3b6Nb-4r5UddXq4II0tkLBB0yVsRzzGXHyrhYs0GuDql4 HTTP 302
    https://test.digitalpost.dk/auth/test-identity-provider/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://auth.post.demo.borger.dk/web/auth/login?returnurl=https://post.demo.borger.dk/ HTTP 302
  • https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsklient-oidc-demo-id&redirect_uri=https%3A%2F%2Fauth.post.demo.borger.dk%2Fsignin-oidc&response_type=code&scope=openid&code_challenge=I7Mo0gidUxvV3ATc4YxrredRdLXgv_KrNYnDMvac0j8&code_challenge_method=S256&response_mode=form_post&nonce=637847388576563737.ZGY0Y2Y2ODgtYTBlZi00ZjU4LWE2OWEtODVmODAwYjA5NjU4NTc4MmMwZTYtNTUxMi00NGM0LTllMmMtODJhODBlOWJlNzUx&state=CfDJ8BpyPmNS-RRAiRN5eAXxm3LH8sZguQIB5Y0-ww1SEJpfF5gXETGhpXFyKNLkF1mkmthtufzVBR1qsNIdNdniTN0Nu473dD4V5i_4vi_Ljs-leNLr6fDFM2CN7m_iYLS0CPqKTP5cBtleD3FEnr3oq21IHolU5OXJtQbZa0FM87hTdUJ3NZ4wgx3pobsclggjbfWsbseDd2aFoOyh7QlpfDc7fOb9gyl07Wz2xsbDoZrgpF6UkxkoIoJLrYcj-Yfg-XGOBhmvCtQqpyEhVhJAxDYvfHXASczWkd5vAbxiHwnH9BVHRfKAU-Ds5Sppi2EZwRw7Zi3-ouBD8UzcfUUw8UdKbvkewGziQF9PJAMnn2twB0dfkFX-YfEcuYkshDdfMm6zbK6wBqzzpq5Ez6Mi41CMqh8ei_hVgvspuIT6G_iwKHaeG-PjRAVzEpKvTsXrCsp5CgzMGi-Dpz2ShWvlL1jlzGpkIBmapeXdJbdoaLWtKR6hkvV49KthegAkqPlp_4Qq4JmHmSSKPhVo3F5NuL0

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
post.demo.borger.dk/ 		909 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://post.demo.borger.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9bcb44eabdcd291207cf2b1d501e98acc84bba214545132715aa543ebeba2cec
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval' https: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data: blob:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1

Request headers

Accept-Language
nl-NL,nl;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control
private
content-encoding
gzip
content-length
666
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval' https: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data: blob:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
content-type
text/html; charset=utf-8
date
Tue, 05 Apr 2022 07:00:55 GMT
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SameOrigin
x-xss-protection
1
jquery.min.js
post.demo.borger.dk/Scripts/app/jQuery/ 		105 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://post.demo.borger.dk/Scripts/app/jQuery/jquery.min.js
Requested by
Host: post.demo.borger.dk
URL: https://post.demo.borger.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
754ef53efd9fd7dea6c9668f4a572ecf1cb7f5caadd3a192926763017c9e0bd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://post.demo.borger.dk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 07:00:55 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 01 Mar 2021 15:09:46 GMT
etag
"0595feaaced71:0"
x-frame-options
SameOrigin
content-type
application/javascript
accept-ranges
bytes
vary
Accept-Encoding
content-length
43514
x-content-type-options
nosniff
bundle.js
post.demo.borger.dk/dist/ 		5 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://post.demo.borger.dk/dist/bundle.js?v1.0.1.2
Requested by
Host: post.demo.borger.dk
URL: https://post.demo.borger.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3c6039f54265dfa8cdc3394aa621a59a7457c4a03437863fc58a0e87ce17537a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://post.demo.borger.dk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 07:00:55 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 31 Mar 2022 14:47:22 GMT
etag
"079743ae45d81:0"
x-frame-options
SameOrigin
content-type
application/javascript
accept-ranges
bytes
vary
Accept-Encoding
x-content-type-options
nosniff
vendor.js
post.demo.borger.dk/dist/ 		7 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://post.demo.borger.dk/dist/vendor.js?v1.0.1.2
Requested by
Host: post.demo.borger.dk
URL: https://post.demo.borger.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2af54b76c54da7bc03aee96c98b9cd1820cf5655fed76c1cf52bb92974b7f194
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://post.demo.borger.dk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 07:00:55 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 31 Mar 2022 14:47:22 GMT
etag
"079743ae45d81:0"
x-frame-options
SameOrigin
content-type
application/javascript
accept-ranges
bytes
vary
Accept-Encoding
x-content-type-options
nosniff
main.css
post.demo.borger.dk/dist/style/ 		812 KB
168 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://post.demo.borger.dk/dist/style/main.css?v1.0.1.2
Requested by
Host: post.demo.borger.dk
URL: https://post.demo.borger.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
01d36d99f20b09f50293d3050251a6f22834761719a52eacfebaced35afa1907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://post.demo.borger.dk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 07:00:55 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 31 Mar 2022 14:47:22 GMT
etag
"079743ae45d81:0"
x-frame-options
SameOrigin
content-type
text/css
accept-ranges
bytes
vary
Accept-Encoding
x-content-type-options
nosniff
streamaddresses
api.post.demo.borger.dk/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/streamaddresses
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
streamaddresses
api.post.demo.borger.dk/api/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/streamaddresses
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b519748e509a2f2c0192d498d1f1f98426239fde512c8d190d5f0d882bbe5cec
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
access-control-allow-origin
https://post.demo.borger.dk
x-consul-lastcontact
0
vary
Accept-Encoding
content-length
846
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgradre
x-frame-options
SAMEORIGIN
date
Tue, 05 Apr 2022 07:00:57 GMT
strict-transport-security
max-age=2592000
content-type
application/json; charset=utf-8
x-consul-index
1541993
x-consul-knownleader
true
access-control-allow-credentials
true
combinedtexts
api.post.demo.borger.dk/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/combinedtexts?lang=da
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
clientconfiguration
api.post.demo.borger.dk/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/clientconfiguration
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
mailboxes
api.post.demo.borger.dk/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/mailboxes?size=1000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
combinedtexts
api.post.demo.borger.dk/api/ 		94 KB
94 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/combinedtexts?lang=da
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
referrer-policy
no-referrer-when-downgradre
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
content-type
application/json
access-control-allow-origin
https://post.demo.borger.dk
access-control-allow-credentials
true
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
content-length
96234
x-xss-protection
1; mode=block
clientconfiguration
api.post.demo.borger.dk/api/ 		600 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/clientconfiguration
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
access-control-allow-origin
https://post.demo.borger.dk
x-consul-lastcontact
0
strict-transport-security
max-age=2592000
content-length
322
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgradre
x-frame-options
SAMEORIGIN
date
Tue, 05 Apr 2022 07:00:57 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-consul-index
1816080
x-consul-knownleader
true
access-control-allow-credentials
true
mailboxes
api.post.demo.borger.dk/api/ 		0
32 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.post.demo.borger.dk/api/mailboxes?size=1000
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
referrer-policy
no-referrer-when-downgradre
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://post.demo.borger.dk
access-control-allow-credentials
true
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
refresh
auth.post.demo.borger.dk/web/auth/ 		0
29 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/refresh
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
referrer-policy
no-referrer-when-downgradre
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://post.demo.borger.dk
access-control-allow-credentials
true
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
refresh
auth.post.demo.borger.dk/web/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/refresh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
logout
auth.post.demo.borger.dk/web/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/logout
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
poll
auth.post.demo.borger.dk/web/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/poll
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
logout
auth.post.demo.borger.dk/web/auth/ 		13 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/logout
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

pragma
no-cache
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://post.demo.borger.dk
cache-control
no-cache
access-control-allow-credentials
true
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgradre
expires
Thu, 01 Jan 1970 00:00:00 GMT
poll
auth.post.demo.borger.dk/web/auth/ 		0
29 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/poll
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
referrer-policy
no-referrer-when-downgradre
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://post.demo.borger.dk
access-control-allow-credentials
true
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
refresh
auth.post.demo.borger.dk/web/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/refresh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
refresh
auth.post.demo.borger.dk/web/auth/ 		0
29 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/refresh
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
referrer-policy
no-referrer-when-downgradre
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://post.demo.borger.dk
access-control-allow-credentials
true
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
authorize
test.digitalpost.dk/auth/test-identity-provider/
Redirect Chain
  • https://auth.post.demo.borger.dk/web/auth/login?returnurl=https://post.demo.borger.dk/
  • https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsklient-oidc-demo-id&redirect_uri=https%3A%2F%2Fauth.post.demo.borger.dk%2Fsignin-oidc&response...
0
0
logout
auth.post.demo.borger.dk/web/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/logout
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,correlationid,requestidkey,x-xsrf-token
Access-Control-Request-Method
GET
Origin
https://post.demo.borger.dk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,correlationid,requestidkey,x-xsrf-token
access-control-allow-methods
GET
access-control-allow-origin
https://post.demo.borger.dk
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
date
Tue, 05 Apr 2022 07:00:57 GMT
referrer-policy
no-referrer-when-downgradre
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
logout
auth.post.demo.borger.dk/web/auth/ 		13 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.post.demo.borger.dk/web/auth/logout
Requested by
Host:
URL: webpack-internal:///EVdn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.142.216.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

CorrelationId
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
X-XSRF-TOKEN
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json
Referer
https://post.demo.borger.dk/
RequestIdKey
6e9e6a0b-8c50-4df8-a245-ca10e02fd64b

Response headers

pragma
no-cache
content-security-policy
default-src 'self' data:;script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
date
Tue, 05 Apr 2022 07:00:57 GMT
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://post.demo.borger.dk
cache-control
no-cache
access-control-allow-credentials
true
strict-transport-security
max-age=2592000
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgradre
expires
Thu, 01 Jan 1970 00:00:00 GMT
Primary Request login
test.digitalpost.dk/auth/test-identity-provider/
Redirect Chain
  • https://auth.post.demo.borger.dk/web/auth/login?returnurl=https://post.demo.borger.dk/
  • https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsklient-oidc-demo-id&redirect_uri=https%3A%2F%2Fauth.post.demo.borger.dk%2Fsignin-oidc&response...
  • https://test.digitalpost.dk/auth/test-identity-provider/login
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://test.digitalpost.dk/auth/test-identity-provider/login
Requested by
Host:
URL: webpack-internal:///NU+R
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.198.95.45 Vanlose, Denmark, ASN3292 (TDC TDC AS, DK),
Reverse DNS
test.digitalpost.dk
Software
/
Resource Hash
645d807753378c7dbbc39b5cc09fc10318dea58fbbd4e380c23704cf759fa979
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: *.nchosting.dk mit.dk *.mit.dk; frame-src 'self' data: blob: *.nchosting.dk mit.dk *.mit.dk; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';img-src 'self' https: blob: data:;
Strict-Transport-Security max-age=31536000 ; includeSubDomains max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://post.demo.borger.dk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
nl-NL
content-security-policy
default-src 'self' blob: *.nchosting.dk mit.dk *.mit.dk; frame-src 'self' data: blob: *.nchosting.dk mit.dk *.mit.dk; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';img-src 'self' https: blob: data:;
content-type
text/html;charset=UTF-8
expect-ct
max-age=31536000, report-uri='https://digitalpost.dk/r/d/ct/report'
expires
0
permissions-policy
accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000 ; includeSubDomains max-age=63072000; includeSubDomains; preload
traceparent
00-779e5e86bf639ca1fd1e36ce8f7bb48d-30e36c8922bed957-01
vary
accept-encoding
x-content-type-options
nosniff nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-ratelimit-burst-capacity
60
x-ratelimit-remaining
58
x-ratelimit-replenish-rate
30
x-ratelimit-requested-tokens
1
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
content-security-policy
default-src 'self' blob: *.nchosting.dk mit.dk *.mit.dk; frame-src 'self' data: blob: *.nchosting.dk mit.dk *.mit.dk; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';img-src 'self' https: blob: data:;
expect-ct
max-age=31536000, report-uri='https://digitalpost.dk/r/d/ct/report'
expires
0
location
https://test.digitalpost.dk/auth/test-identity-provider/login
permissions-policy
accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000 ; includeSubDomains max-age=63072000; includeSubDomains; preload
traceparent
00-29d04cc65fcf7677da1f83b654697b5a-45632495a1cd6630-01
x-content-type-options
nosniff nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-ratelimit-burst-capacity
60
x-ratelimit-remaining
59
x-ratelimit-replenish-rate
30
x-ratelimit-requested-tokens
1
x-xss-protection
1; mode=block
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 		0
0
css
fonts.googleapis.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
test.digitalpost.dk
URL
https://test.digitalpost.dk/auth/test-identity-provider/authorize?client_id=borger-dk-web-post-visningsklient-oidc-demo-id&redirect_uri=https%3A%2F%2Fauth.post.demo.borger.dk%2Fsignin-oidc&response_type=code&scope=openid&code_challenge=I7Mo0gidUxvV3ATc4YxrredRdLXgv_KrNYnDMvac0j8&code_challenge_method=S256&response_mode=form_post&nonce=637847388576563737.ZGY0Y2Y2ODgtYTBlZi00ZjU4LWE2OWEtODVmODAwYjA5NjU4NTc4MmMwZTYtNTUxMi00NGM0LTllMmMtODJhODBlOWJlNzUx&state=CfDJ8BpyPmNS-RRAiRN5eAXxm3LH8sZguQIB5Y0-ww1SEJpfF5gXETGhpXFyKNLkF1mkmthtufzVBR1qsNIdNdniTN0Nu473dD4V5i_4vi_Ljs-leNLr6fDFM2CN7m_iYLS0CPqKTP5cBtleD3FEnr3oq21IHolU5OXJtQbZa0FM87hTdUJ3NZ4wgx3pobsclggjbfWsbseDd2aFoOyh7QlpfDc7fOb9gyl07Wz2xsbDoZrgpF6UkxkoIoJLrYcj-Yfg-XGOBhmvCtQqpyEhVhJAxDYvfHXASczWkd5vAbxiHwnH9BVHRfKAU-Ds5Sppi2EZwRw7Zi3-ouBD8UzcfUUw8UdKbvkewGziQF9PJAMnn2twB0dfkFX-YfEcuYkshDdfMm6zbK6wBqzzpq5Ez6Mi41CMqh8ei_hVgvspuIT6G_iwKHaeG-PjRAVzEpKvTsXrCsp5CgzMGi-Dpz2ShWvlL1jlzGpkIBmapeXdJbdoaLWtKR6hkvV49KthegAkqPlp_4Qq4JmHmSSKPhVo3F5NuL0
Domain
stackpath.bootstrapcdn.com
URL
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css?family=IBM%20Plex%20Sans

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

7 Cookies

Domain/Path Name / Value
auth.post.demo.borger.dk/signin-oidc Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8BpyPmNS-RRAiRN5eAXxm3L-Za8rO9SU4JoETFxItwYk_fLErdubTDTMIi6Ns0egBYKRTgU0dsknHx52M_4ehiv9AIm3U82ENeQZV10_9qYeG8_MlKFCB3y0uBPqt0Mares9wUbo9W75-fdSih9Z7Wl5qzHowHEDammKqCq1BBUWM8waf1uBjl5aucHSZWKaCXK8IY65Sfdq_EZ4c0ZhG2BwybrCrkdcJxqk9nupGniJueSWumY-76Rl9cuqzSdnsMl7smKqpVEJl4nH7ImPW1w
Value: N
auth.post.demo.borger.dk/signin-oidc Name: .AspNetCore.Correlation.CodeOpenIdConnect.4VLFxHcDI9L_RkZ9BopvDl5lzB7j2MaN7Pp1Bua1rR4
Value: N
auth.post.demo.borger.dk/signin-oidc Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8BpyPmNS-RRAiRN5eAXxm3Ig3XJ1vnX-YhMgHo9M7P8tQ1mPXAxFw-TrMA9m1HxrkVVdNZS1vISH1TNg1U9cCNKKc9VZJ3SJK0TQyluwDoE0OMt1XHo_V6qfwtzvU285w9pmzituoPuhvDs7QPRkhHVNWGq22AdE5vWflHUzX5GL_IMsIcB-um7iqudL-IynCWdcH4G5k5COJr7DT_rKV1azRkIagsTm02t3Nja_WPMF4zb3m0GoZOnYMiptGcLbKNT_teyXjhLI-IDlTfN9gCQ
Value: N
auth.post.demo.borger.dk/signin-oidc Name: .AspNetCore.Correlation.CodeOpenIdConnect.xOwld74Ofr6a4AlsMdzZ26GlEWxT07NRNOWa33SeqXQ
Value: N
post.demo.borger.dk/ Name: CorrelationId
Value: 6e9e6a0b-8c50-4df8-a245-ca10e02fd64b
test.digitalpost.dk/ Name: JSESSIONID
Value: 17C761ABECBECBDC4B07B79E8A809677
test.digitalpost.dk/ Name: NSC_mc_wt_eq_benjo_uftu
Value: ffffffff0909543345525d5f4f58455e445a4a423660

20 Console Messages

Source Level URL
Text
network error URL: https://api.post.demo.borger.dk/api/mailboxes?size=1000
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://auth.post.demo.borger.dk/web/auth/refresh
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://auth.post.demo.borger.dk/web/auth/poll
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://auth.post.demo.borger.dk/web/auth/refresh
Message:
Failed to load resource: the server responded with a status of 401 ()
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'gamepad'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'trust-token-redemption'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security error URL: https://test.digitalpost.dk/auth/test-identity-provider/login(Line 6)
Message:
Refused to load the stylesheet 'https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://test.digitalpost.dk/auth/test-identity-provider/login(Line 7)
Message:
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=IBM%20Plex%20Sans' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data:;script-src 'self' 'unsafe-eval' https: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data: blob:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1