urlscan.io logo urlscan.io
SecurityTrails logo

www.dekra.de Open in urlscan Pro
20.79.250.220  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.dekra-classic-services.de/
Effective URL: https://www.dekra.de/de/oldtimer/
Submission: On November 17 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 20.79.250.220, located in Frankfurt am Main, Germany and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.dekra.de.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on September 30th 2021. Valid for: a year.
This is the only time www.dekra.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 91.205.36.73 50824 (DEKRA-AG)
10 20.79.250.220 8075 (MICROSOFT...)
2 20.113.32.175 8075 (MICROSOFT...)
1 151.101.128.217 54113 (FASTLY)
2 62.50.120.125 12374 (LFNET-AS01)
16 5
1    91.205.36.73 (Stuttgart, Germany)

ASN50824 (DEKRA-AG, DE)
www.dekra-classic-services.de
10    20.79.250.220 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.dekra.de
2    20.113.32.175 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
media.dekra.com
1    151.101.128.217 (United States)

ASN54113 (FASTLY, US)
player.vimeo.com
2    62.50.120.125 (Eppingen, Germany)

ASN12374 (LFNET-AS01, DE)
PTR: revproxy01.dekra.bawue.com
matomo.dekra.bawue.com
Domain Requested by
10 www.dekra.de www.dekra.de
2 matomo.dekra.bawue.com www.dekra.de
matomo.dekra.bawue.com
2 media.dekra.com www.dekra.de
1 player.vimeo.com www.dekra.de
1 www.dekra-classic-services.de 1 redirects
16 5
Subject Issuer Validity Valid
www.dekra.de
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-09-30 -
2022-09-30		 a year crt.sh
media.dekra.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-09-30 -
2022-09-30		 a year crt.sh
*.vimeo.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-09-15 -
2022-10-17		 a year crt.sh
matomo.dekra.bawue.com
R3		 2021-10-27 -
2022-01-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.dekra.de/de/oldtimer/
Frame ID: 5378CA2F8D81F28AE0CFD583B4FBD10E
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DEKRA Classic Services

Page URL History Show full URLs

  1. https://www.dekra-classic-services.de/ HTTP 301
    https://www.dekra.de/de/oldtimer/ Page URL

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

935 kB
Transfer

2032 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.dekra-classic-services.de/ HTTP 301
    https://www.dekra.de/de/oldtimer/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.dekra.de/de/oldtimer/
Redirect Chain
  • https://www.dekra-classic-services.de/
  • https://www.dekra.de/de/oldtimer/
117 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d29fd141563ef35f6fc69547264ac4e1226100017ca4e77e4d0a3fa7a9aee700
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=600, private, must-revalidate
Transfer-Encoding
chunked
Content-Type
text/html;charset=UTF-8
Content-Encoding
gzip
Vary
Referer,Accept-Encoding,User-Agent,Accept-Encoding
Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
X-Frame-Options
sameorigin
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Date
Wed, 17 Nov 2021 13:42:25 GMT

Redirect headers

Date
Wed, 17 Nov 2021 13:42:26 GMT
Server
Apache
Content-Length
0
Location
https://www.dekra.de/de/oldtimer/
X-Frame-Options
SAMEORIGIN
Content-Security-Policy
default-src 'self'; img-src *
X-Content-Security-Policy
default-src 'self'; allow 'self'; img-src *
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=0
Connection
close
Content-Type
text/plain
fa-light-2.woff2
www.dekra.de/media/system-files/fonts/ 		180 KB
182 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/fonts/fa-light-2.woff2
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1ddc6ae069ea7aedb68a92d53a12933a5a326f28c714869b99f335377dcce217
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dekra.de/de/oldtimer/
Origin
https://www.dekra.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
font/woff2
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
184204
X-Content-Type-Options
nosniff
style.css
www.dekra.de/media/system-files/css/ 		659 KB
126 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/css/style.css?3694778
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a923ba1103ed3ac882fad0deece08564bf10cdb92e689b0491fcd954473aebd3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
text/css
X-XSS-Protection
1; mode=block
Cache-Control
max-age=604800, public
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers,Accept-Encoding
X-Content-Type-Options
nosniff
logo-de-small.jpg
media.dekra.com/media/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/logo-de-small.jpg
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e7293c4ed1a32be2b6e6e80d7999c638751b380533fdf26b2c7d0f9f7e9f383b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 13:27:39 GMT
Date
Wed, 17 Nov 2021 13:42:26 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Connection
close
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
23910
X-Content-Type-Options
nosniff
1x1.png
www.dekra.de/media/system-files/img/ 		70 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dekra.de/media/system-files/img/1x1.png
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44d5041f007d30a9b7079bd3a42ef6da96c4cda10a25b1bcc5a0a6f92b0aadcc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
70
X-Content-Type-Options
nosniff
jquery-3-5-0-min.js
www.dekra.de/media/system-files/js/ 		87 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/js/jquery-3-5-0-min.js
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
X-Frame-Options
sameorigin
Date
Wed, 17 Nov 2021 13:42:25 GMT
Vary
Access-Control-Request-Headers,Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800, public
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
39727
X-XSS-Protection
1; mode=block
modernizr-custom5557ac.js
www.dekra.de/media/system-files/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/js/modernizr-custom5557ac.js
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9f02c3634b59fbbb77b28f4af3055a8b9982b923fb82c055cc7e8a807e45e6a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
X-Frame-Options
sameorigin
Date
Wed, 17 Nov 2021 13:42:25 GMT
Vary
Access-Control-Request-Headers,Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800, public
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
2481
X-XSS-Protection
1; mode=block
require-2120min.js
www.dekra.de/media/system-files/js/ 		15 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/js/require-2120min.js
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1bd9fcc0c344e088f4c4d340fb4ab6e8a1154a1c5fd83ac5f4de8fd70e8c9b4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
X-Frame-Options
sameorigin
Date
Wed, 17 Nov 2021 13:42:25 GMT
Vary
Access-Control-Request-Headers,Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800, public
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
7756
X-XSS-Protection
1; mode=block
sprite.png
www.dekra.de/media/system-files/img/ 		5 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dekra.de/media/system-files/img/sprite.png
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/media/system-files/css/style.css?3694778
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
38a382c30430fa17093ebbeef5cd8cb3acda2914d0373a8ff6f129e99507ee44
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/media/system-files/css/style.css?3694778
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
5078
X-Content-Type-Options
nosniff
script-nod3-min.js
www.dekra.de/media/system-files/js/ 		652 KB
227 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.de/media/system-files/js/script-nod3-min.js?3694778
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/media/system-files/js/require-2120min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f287870540157b025bf07f628f01c894a328df3127c84f4bb289036c71a52ca6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 14:13:50 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Cache-Control
max-age=604800, public
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers,Accept-Encoding
X-Content-Type-Options
nosniff
1x1.png
www.dekra.de/media/system-files/img/ 		0
0
dekra-classic-services-oldtimerdienstleistungen_402x226.jpg
www.dekra.de/media/ 		52 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dekra.de/media/dekra-classic-services-oldtimerdienstleistungen_402x226.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.79.250.220 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
95aadb852f5dcdf886ce419fe413727740376e314f1ce8b64b6be3d265565bb5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/de/oldtimer/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 13:42:03 MET
Date
Wed, 17 Nov 2021 13:42:25 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
53417
X-Content-Type-Options
nosniff
player.js
player.vimeo.com/api/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/media/system-files/js/require-2120min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
81d1eeb980b09409744568d2ed3ca7ff1ee763d6aeb9dc6c66bc845dd3d3bb96
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-Varnish-Cache
1
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
776
X-Cache
HIT
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection
keep-alive
X-VServer
infra-playproxy-b-3
Content-Length
5996
X-Xss-Protection
1; mode=block
X-Served-By
cache-hhn4031-HHN
X-Player-Backend
p
Expires
Wed, 17 Nov 2021 13:59:26 GMT
Server
nginx
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer
S1637156546.487448,VS0,VE0
Date
Wed, 17 Nov 2021 13:42:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript;charset=utf-8
Via
1.1 varnish, 1.1 varnish
Vary
Accept-Encoding
X-Vimeo-DC
ge
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
X-Cache-Hits
2238
matomo.js
matomo.dekra.bawue.com/ 		62 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://matomo.dekra.bawue.com/matomo.js
Requested by
Host: www.dekra.de
URL: https://www.dekra.de/de/oldtimer/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.50.120.125 Eppingen, Germany, ASN12374 (LFNET-AS01, DE),
Reverse DNS
revproxy01.dekra.bawue.com
Software
openresty /
Resource Hash
0ce713b6cef25179719f242dcfa4ed9e985f1443257722299df2768deeb5ab6e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 13:02:38 GMT
x-server-revproxy
s='' t='http://vserv38.di.dekra.com' f='185.213.155.162' sp='HTTP/2.0' sport='' host='' limit_req_key='185.213.155.162'
last-modified
Fri, 08 Oct 2021 06:26:29 GMT
server
openresty
etag
"615fe495-f8bb"
content-type
application/javascript
accept-ranges
bytes
content-length
63675
matomo.php
matomo.dekra.bawue.com/ 		0
231 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://matomo.dekra.bawue.com/matomo.php?action_name=DEKRA%20Classic%20Services&idsite=1&rec=1&r=895211&h=13&m=42&s=26&url=https%3A%2F%2Fwww.dekra.de%2Fde%2Foldtimer%2F&_id=bee876b0ae333a19&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=w0EUWw&pf_net=32&pf_srv=11&pf_tfr=8&pf_dm1=156&pf_dm2=90&pf_onl=0
Requested by
Host: matomo.dekra.bawue.com
URL: https://matomo.dekra.bawue.com/matomo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.50.120.125 Eppingen, Germany, ASN12374 (LFNET-AS01, DE),
Reverse DNS
revproxy01.dekra.bawue.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.dekra.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin
https://www.dekra.de
date
Wed, 17 Nov 2021 13:02:38 GMT
x-server-revproxy
s='' t='http://vserv38.di.dekra.com' f='185.213.155.162' sp='HTTP/2.0' sport='' host='' limit_req_key='185.213.155.162'
access-control-allow-credentials
true
server
openresty
vary
Origin
location-search-default_1120x400.jpg
media.dekra.com/media/ 		155 KB
156 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/location-search-default_1120x400.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f715e8b5e3fcb69d69be4f48f027e34db6dbbf3d8645767a9b705e2d7d7cbcb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dekra.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 13:27:33 GMT
Date
Wed, 17 Nov 2021 13:42:26 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
159004
X-Content-Type-Options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.dekra.de
URL
https://www.dekra.de/media/system-files/img/1x1.png

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| TRACKING string| PRIVACY_SETTINGS boolean| thirdPartyEnabled undefined| privacySettings object| onloadQueue object| lang object| datepickerInt object| chartData object| cmsTrigger object| FontAwesomeConfig function| $ function| jQuery object| Modernizr function| require function| requirejs function| define object| EasyAutocomplete undefined| _ boolean| tapHandling boolean| tappy object| OpenShare object| lazySizes object| picturefillCFG function| picturefill undefined| Backbone function| getPrivacySettings function| getPrivacySettingsSession function| addParameter function| matomoOptout function| getUserLocation function| hasUserLocation function| saveUserLocation function| search function| removeLocationIdParameterFromLocalStorage function| getLocationIdParameterFromLocalStorage function| storeLocationIdParameterIntoLocalStorage function| removeLocationIdParameterFromUrl function| getLocationIdFromUrlParameter function| getUrlParameterValue boolean| VimeoPlayerResizeEmbeds_ object| app object| _paq string| LOCATION_ID string| USER_LOCATION object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log

3 Cookies

Domain/Path Name / Value
www.dekra.de/ Name: JSESSIONID
Value: 935684C65FF1D6362F3D8CE178BDBE81
www.dekra.de/ Name: _pk_id.1.2437
Value: bee876b0ae333a19.1637156547.
www.dekra.de/ Name: _pk_ses.1.2437
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block