Submitted URL: https://andor.app/
Effective URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2...
Submission: On October 17 via manual from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2606:4700:10::ac43:27b7, located in United States and belongs to CLOUDFLARENET, US. The main domain is identity.andor.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 11th 2023. Valid for: a year.
This is the only time identity.andor.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
5 | 2606:4700:10:... | 13335 (CLOUDFLAR...)
2 | 2a00:1450:400... | 15169 (GOOGLE)
8 (1 redirect) | 2606:4700:10:... | 13335 (CLOUDFLAR...)
Total: 15 requests, 4 IPs

Requests | Apex Domain and Subdomains | Transfer
13 | andor.app | 4 MB
  andor.app — Cisco Umbrella Rank: 753594
  apim.andor.app — Cisco Umbrella Rank: 785172
  identity.andor.app
2 | googleapis.com | 1 KB
  fonts.googleapis.com — Cisco Umbrella Rank: 49
Total: 15 requests, 2 apex domains

Requests | Domain | Requested by
6 (1 redirect) | identity.andor.app | andor.app, identity.andor.app
5 | andor.app | andor.app
2 | apim.andor.app | andor.app
2 | fonts.googleapis.com | andor.app, identity.andor.app
Total: 15 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
andor.app | Cloudflare Inc ECC CA-3 | 2023-10-17 - 2024-10-16 | a year
upload.video.google.com | GTS CA 1C3 | 2023-09-18 - 2023-12-11 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-11 - 2024-04-10 | a year

This page contains 1 frames:

Primary Page: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Frame ID: 2CA7E60040DE07EBCF5AAB2A0E79302C
Requests: 14 HTTP requests in this frame

Page Title

Andor Health

Page URL History

  1. https://andor.app/ Page URL
  2. https://identity.andor.app/connect/authorize?response_type=id_token%20token%20code&client_id=think.ando... HTTP 302
    https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3D... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

15
Requests

93 %
HTTPS

100 %
IPv6

2
Domains

4
Subdomains

4
IPs

2
Countries

3731 kB
Transfer

17903 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://andor.app/ Page URL
  2. https://identity.andor.app/connect/authorize?response_type=id_token%20token%20code&client_id=think.andor&scope=public%20openid%20uirestapi%20offline_access&nonce=N0.96379263134264811697565033866&state=16975650338660.7779682552533962&redirect_uri=https://andor.app/dashboard HTTP 302
    https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
andor.app/
852 B
872 B
Document
General
Full URL
https://andor.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:36b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbd9ebb7b06e1e34c4876d8b052b82876f65002d0b56cb937cf28098a5d1f524
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, must-revalidate, max-age=15, proxy-revalidate, s-maxage=30
cf-cache-status
DYNAMIC
cf-ray
817a62658c51085b-FRA
content-encoding
gzip
content-type
text/html
date
Tue, 17 Oct 2023 17:50:31 GMT
last-modified
Mon, 16 Oct 2023 00:46:37 GMT
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-azure-ref
20231017T175031Z-snsttmvffp4up3gmzyxc4c2vfc00000008ag00000002t1wy
x-cache
TCP_MISS
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/
4 KB
950 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;700&display=swap
Requested by
Host: andor.app
URL: https://andor.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
46f8cce0826f2b934c7ef9af81e9667f64a36dca24ff6782e09b298e79480cbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 17 Oct 2023 17:50:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 17 Oct 2023 17:24:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 Oct 2023 17:50:31 GMT
icon
fonts.googleapis.com/
569 B
439 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: andor.app
URL: https://andor.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 17 Oct 2023 17:50:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 17 Oct 2023 17:50:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 Oct 2023 17:50:31 GMT
main.2d4d2b91.js
andor.app/static/js/
14 MB
3 MB
Script
General
Full URL
https://andor.app/static/js/main.2d4d2b91.js
Requested by
Host: andor.app
URL: https://andor.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:36b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15e762625154d1cf8c9103b8a415336e6e039f663970214119628ac7d8fc8e6e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://andor.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:31 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
gzip
x-dns-prefetch-control
off
x-cache
TCP_REVALIDATED_HIT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 16 Oct 2023 00:46:37 GMT
server
cloudflare
etag
W/"63825277"
x-azure-ref
20231017T121620Z-q0tm09dy3d4q7cfe18zc7ud3u8000000081g000000010ap2
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=300, must-revalidate, proxy-revalidate, s-maxage=30
cf-ray
817a62666d8d085b-FRA
main.082c7061.css
andor.app/static/css/
3 MB
298 KB
Stylesheet
General
Full URL
https://andor.app/static/css/main.082c7061.css
Requested by
Host: andor.app
URL: https://andor.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:36b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6b0503f75b2725d8749a8d648680f5205dd97efcf872445b5e3d85076936911
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://andor.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:31 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
gzip
x-dns-prefetch-control
off
x-cache
TCP_REVALIDATED_HIT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 16 Oct 2023 00:46:37 GMT
server
cloudflare
etag
W/"63825277"
x-azure-ref
20231017T121620Z-q0tm09dy3d4q7cfe18zc7ud3u8000000082000000000x17c
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=300, must-revalidate, proxy-revalidate, s-maxage=30
cf-ray
817a62664d6d085b-FRA
translation.json
andor.app/locales/en/
9 KB
3 KB
Fetch
General
Full URL
https://andor.app/locales/en/translation.json?cb=1697565032210
Requested by
Host: andor.app
URL: https://andor.app/static/js/main.2d4d2b91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:36b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://andor.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:33 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-dns-prefetch-control
off
x-cache
TCP_MISS
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 16 Oct 2023 00:46:37 GMT
server
cloudflare
etag
W/"63825277"
x-azure-ref
20231017T175032Z-snsttmvffp4up3gmzyxc4c2vfc00000008ag00000002t29w
content-type
application/json
cache-control
public, must-revalidate, max-age=15, proxy-revalidate, s-maxage=30
cf-ray
817a626ffb59085b-FRA
config.json
andor.app/
895 B
490 B
XHR
General
Full URL
https://andor.app/config.json
Requested by
Host: andor.app
URL: https://andor.app/static/js/main.2d4d2b91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:36b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://andor.app/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:33 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-dns-prefetch-control
off
x-cache
TCP_REVALIDATED_HIT
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 16 Oct 2023 00:46:37 GMT
server
cloudflare
etag
W/"63825277"
x-azure-ref
20231017T175033Z-snsttmvffp4up3gmzyxc4c2vfc00000008ag00000002t2a8
content-type
application/json
cache-control
public, must-revalidate, max-age=15, proxy-revalidate, s-maxage=30
cf-ray
817a6270aca9085b-FRA
profile
apim.andor.app/api/user/
0
0
Preflight
General
Full URL
https://apim.andor.app/api/user/profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,lang,pragma
Access-Control-Request-Method
GET
Origin
https://andor.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,lang,pragma
access-control-allow-origin
https://andor.app
cf-cache-status
DYNAMIC
cf-ray
817a62720d822c26-FRA
content-length
0
date
Tue, 17 Oct 2023 17:50:33 GMT
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
profile
apim.andor.app/api/user/
0
474 B
XHR
General
Full URL
https://apim.andor.app/api/user/profile
Requested by
Host: andor.app
URL: https://andor.app/static/js/main.2d4d2b91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Pragma
no-cache
Referer
lang
accept-language
de-DE,de;q=0.9
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:33 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
www-authenticate
Bearer
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-allow-origin
https://andor.app
access-control-allow-credentials
true
cf-ray
817a6274b95e2c26-FRA
content-length
0
Primary Request welcome
identity.andor.app/login/
Redirect Chain
  • https://identity.andor.app/connect/authorize?response_type=id_token%20token%20code&client_id=think.andor&scope=public%20openid%20uirestapi%20offline_access&nonce=N0.96379263134264811697565033866&st...
  • https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestap...
4 KB
2 KB
Document
General
Full URL
https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Requested by
Host: andor.app
URL: https://andor.app/static/js/main.2d4d2b91.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a840a8b1e3ac5168c5d09acacb3357be1ac21f1853ff2ba83a44826ad4a187a2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
817a62793c759bc4-FRA
content-encoding
gzip
content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
content-type
text/html; charset=utf-8
date
Tue, 17 Oct 2023 17:50:34 GMT
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
817a627669269bc4-FRA
content-length
0
date
Tue, 17 Oct 2023 17:50:34 GMT
location
https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
andor-style-new.css
identity.andor.app/login/assets/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://identity.andor.app/login/assets/css/andor-style-new.css
Requested by
Host: identity.andor.app
URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6c5178123fcdecc16a08dd133f4f582e9c2ee0e0d5420210503c0f31e3aaba1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:35 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
EXPIRED
last-modified
Wed, 11 Oct 2023 20:20:08 GMT
server
cloudflare
content-encoding
gzip
etag
W/"1d9fc8054089686"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=300
cf-ray
817a627a1d7a9bc4-FRA
welcome.js
identity.andor.app/login/assets/js/
5 KB
1 KB
Script
General
Full URL
https://identity.andor.app/login/assets/js/welcome.js
Requested by
Host: identity.andor.app
URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8a59c791d68adc6a5b9404dd6716bed45ff445ef076a12f1d1208e3acc9361c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:35 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Wed, 11 Oct 2023 20:20:08 GMT
server
cloudflare
content-encoding
gzip
etag
W/"1d9fc8054089e13"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
cf-ray
817a627a1d7f9bc4-FRA
logo-light.svg
identity.andor.app/login/assets/images/
5 KB
2 KB
Image
General
Full URL
https://identity.andor.app/login/assets/images/logo-light.svg
Requested by
Host: identity.andor.app
URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0203521bf7d4e8d1620fe412626e2766c1764c971ca17f203bb0cfedaa5f5920
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:35 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
EXPIRED
last-modified
Wed, 11 Oct 2023 20:20:08 GMT
server
cloudflare
content-encoding
gzip
etag
W/"1d9fc805408987b"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=300
cf-ray
817a627a1d819bc4-FRA
css2
fonts.googleapis.com/
0
0

background-pattern.svg
identity.andor.app/login/assets/images/
48 KB
3 KB
Image
General
Full URL
https://identity.andor.app/login/assets/images/background-pattern.svg
Requested by
Host: identity.andor.app
URL: https://identity.andor.app/login/assets/css/andor-style-new.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
138c6409847b3de3eb30ebf6b27b0be9875cf62f0c78327844f94f2a0093709b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.andor.app/login/assets/css/andor-style-new.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 17:50:35 GMT
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Wed, 11 Oct 2023 20:20:08 GMT
server
cloudflare
content-encoding
gzip
etag
W/"1d9fc8054084c21"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=300
cf-ray
817a627d09cd9bc4-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500&display=swap

Verdicts & Comments

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | isNativeDarkMode
function | handleSubmit
function | handleTheme
function | handleToggleTenant
function | handleTenantSelection
function | constructHTMLTenantList
function | removeStorages

2 Cookies

Domain/Path Name / Value
.identity.andor.app/ Name: ARRAffinity
Value: 9b393eaab67d130e9be466812ec37fe027ce44a996ed3af862f67fa2c3258cb5
.identity.andor.app/ Name: ARRAffinitySameSite
Value: 9b393eaab67d130e9be466812ec37fe027ce44a996ed3af862f67fa2c3258cb5

3 Console Messages

Source Level URL
Text
network error URL: https://apim.andor.app/api/user/profile
Message:
Failed to load resource: the server responded with a status of 401 ()
security warning URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error URL: https://identity.andor.app/login/welcome?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2520code%26client_id%3Dthink.andor%26scope%3Dpublic%2520openid%2520uirestapi%2520offline_access%26nonce%3DN0.96379263134264811697565033866%26state%3D16975650338660.7779682552533962%26redirect_uri%3Dhttps%253A%252F%252Fandor.app%252Fdashboard(Line 40)
Message:
Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block