gas-one-bd.t.customer-care.staging.paygoenergy.io Open in urlscan Pro
2a00:1450:4001:831::2013  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response gas-one-bd.t.customer-care.staging.paygoenergy.io/	769 B 1 KB	80ms 30ms	Document text/html	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash b85634fb6e0c68611540e327235d7c0ff1e988870651e28b0cc539b481ab0cc9 Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :method GET :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests expect-ct max-age=0 referrer-policy no-referrer strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-dns-prefetch-control false x-download-options noopen x-frame-options SAMEORIGIN x-permitted-cross-domain-policies none x-xss-protection 0 date Thu, 02 Sep 2021 02:08:44 GMT expires Thu, 02 Sep 2021 02:18:44 GMT cache-control public, max-age=600 etag "dHZ1ug" x-cloud-trace-context 43e46d970c14c8fe898245a649a115df content-type text/html content-encoding gzip server Google Frontend
GET H2	200	2.83769179.chunk.css gas-one-bd.t.customer-care.staging.paygoenergy.io/static/css/	1 KB 418 B	46ms 45ms	Stylesheet text/css	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/css/2.83769179.chunk.css Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 8d4b6d6439419f572adcfc062b890d4501f223cc42612499e19f756f67394b8a Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/css/2.83769179.chunk.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:44 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type text/css x-cloud-trace-context 1b6f96220dbb2857895156874fa03e5a cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:44 GMT
GET H2	200	icon fonts.googleapis.com/	568 B 461 B	15ms 14ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 80b252c5e024e15162180f33565a89511dd7f94e7f3716d55fda1a0a751bd082 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 02 Sep 2021 02:08:44 GMT server ESF date Thu, 02 Sep 2021 02:08:44 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 02 Sep 2021 02:08:44 GMT
GET H2	200	runtime-main.1e1637f7.js Show response gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/	2 KB 867 B	76ms 75ms	Script application/javascript	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/runtime-main.1e1637f7.js Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 252bdeb3dd1cce26e9e078606809435cf06577b1611e6495bab3eb6ac470c29c Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/js/runtime-main.1e1637f7.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:44 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type application/javascript x-cloud-trace-context 3136f7400f942ac1b96f9aaed06a9293 cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:44 GMT
GET H2	200	2.82c9a1be.chunk.js Show response gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/	741 KB 259 KB	68ms 67ms	Script application/javascript	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/2.82c9a1be.chunk.js Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash e2c6351b543009113dcef0dae0456aeceafbd7aabab10d1c7ebb5877f2eb2461 Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/js/2.82c9a1be.chunk.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:44 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type application/javascript x-cloud-trace-context de4220dbf5365e57defa3a6eb6864838 cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:44 GMT
GET H2	200	main.b5072437.chunk.js Show response gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/	39 KB 14 KB	104ms 104ms	Script application/javascript	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/main.b5072437.chunk.js Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash c20a53ceb029d9d38c99a17e39232823b9a864821a394e00974e9d9cbfce5685 Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/js/main.b5072437.chunk.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:44 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type application/javascript x-cloud-trace-context 6e5f4da64d636faa22fadc77ff611dfb cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:44 GMT
OPTIONS H2	204	runtime-env gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/	0 0	76ms 34ms	Preflight text/html	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/runtime-env Protocol H2 Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers content-type Origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Sec-Fetch-Mode cors Response headers content-security-policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-dns-prefetch-control off expect-ct max-age=0 x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen x-content-type-options nosniff x-permitted-cross-domain-policies none referrer-policy no-referrer x-xss-protection 0 access-control-allow-origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io vary Origin, Access-Control-Request-Headers access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-headers content-type x-cloud-trace-context 85d0902bb0730b1195641747324a4311;o=1 date Thu, 02 Sep 2021 02:08:44 GMT content-type text/html server Google Frontend content-length 0
GET H2	403	platform.js apis.google.com/js/	0 0	458ms 458ms	Script text/html	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/js/platform.js Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/main.b5072437.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers
GET H2	200	runtime-env Show response gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/	1 KB 1 KB	95ms 73ms	Fetch application/json	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/runtime-env Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/main.b5072437.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 71d362437afba4163c81498158e28c15785bac6919c607a7afc7f807a1eaf83b Security Headers Name Value Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept application/json Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type application/json Response headers content-security-policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control off vary Origin, Accept-Encoding content-length 568 x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN date Thu, 02 Sep 2021 02:08:45 GMT expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type application/json; charset=utf-8 access-control-allow-origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io x-cloud-trace-context 09693ec73e40b0d14e93342c027bdd22 cache-control private access-control-allow-credentials true etag W/"443-rMWJbTdgB3dLrU2WWB9ch5fOUAA"
GET H2	200	roboto-latin-400-normal.4673b453.woff2 gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/	15 KB 15 KB	104ms 103ms	Font font/woff2	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/roboto-latin-400-normal.4673b453.woff2 Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/css/2.83769179.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/media/roboto-latin-400-normal.4673b453.woff2 pragma no-cache origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest font :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:44 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type font/woff2 x-cloud-trace-context 17e46473f0d1ec3285ec7bd2cfe07231 cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:44 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 19 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/2.82c9a1be.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 2186 date Thu, 02 Sep 2021 01:32:19 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Thu, 02 Sep 2021 03:32:19 GMT
GET H2	200	logo-menubar.66d6424d.svg gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/	4 KB 2 KB	71ms 71ms	Image image/svg+xml	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/logo-menubar.66d6424d.svg Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/dashboard Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 2559e117ed73f5a896869e68bc7ff35fa6174ab64e58d9c3a8f800c9ae245c8b Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/media/logo-menubar.66d6424d.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:45 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type image/svg+xml x-cloud-trace-context 9f99d993a4722b33312763a59ebe78f5 cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:45 GMT
OPTIONS H2	204	tenant-config gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/	0 0	29ms 29ms	Preflight text/html	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/tenant-config Protocol H2 Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers content-type Origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Sec-Fetch-Mode cors Response headers content-security-policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-dns-prefetch-control off expect-ct max-age=0 x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen x-content-type-options nosniff x-permitted-cross-domain-policies none referrer-policy no-referrer x-xss-protection 0 access-control-allow-origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io vary Origin, Access-Control-Request-Headers access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-headers content-type x-cloud-trace-context 8f1cdeb12e18e72a6cc4313c02eed628 date Thu, 02 Sep 2021 02:08:45 GMT content-type text/html server Google Frontend content-length 0
GET H2	403	tenant-config Show response gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/	9 B 158 B	33ms 33ms	Fetch text/plain	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.coresvc.staging.paygoenergy.io/customer-care/tenant-config Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/main.b5072437.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash 78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3 Security Headers Name Value Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept application/json Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type application/json Response headers content-security-policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control off vary Origin, Accept-Encoding content-length 9 x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN date Thu, 02 Sep 2021 02:08:45 GMT expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type text/plain; charset=utf-8 access-control-allow-origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io x-cloud-trace-context a833bc0cdc1a7be17e53ea4ec28ad015 access-control-allow-credentials true etag W/"9-PatfYBLj4Um1qTm5zrukoLhNyPU"
GET H2	200	roboto-latin-500-normal.86988841.woff2 gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/	16 KB 16 KB	96ms 96ms	Font font/woff2	2a00:1450:4001:831::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/media/roboto-latin-500-normal.86988841.woff2 Requested by Host: gas-one-bd.t.customer-care.staging.paygoenergy.io URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/css/2.83769179.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f Security Headers Name Value Content-Security-Policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers :path /static/media/roboto-latin-500-normal.86988841.woff2 pragma no-cache origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest font :authority gas-one-bd.t.customer-care.staging.paygoenergy.io :scheme https sec-fetch-site same-origin :method GET Origin https://gas-one-bd.t.customer-care.staging.paygoenergy.io Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-content-type-options nosniff x-permitted-cross-domain-policies none x-dns-prefetch-control false date Thu, 02 Sep 2021 02:08:45 GMT x-xss-protection 0 referrer-policy no-referrer server Google Frontend x-frame-options SAMEORIGIN etag "dHZ1ug" expect-ct max-age=0 strict-transport-security max-age=63072000; includeSubDomains; preload x-download-options noopen content-type font/woff2 x-cloud-trace-context 9f99d993a4722b33312763a59ebe78f5 cache-control public, max-age=600 expires Thu, 02 Sep 2021 02:18:45 GMT

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| webpackJsonppaygo-customer-care undefined| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/2.82c9a1be.chunk.js(Line 2) Message: [react-ga] gaTrackingID is required in initialize()
console-api	error	URL: https://gas-one-bd.t.customer-care.staging.paygoenergy.io/static/js/2.82c9a1be.chunk.js(Line 2) Message: TypeError: [undefined] Failed to load config from server: Cannot read property 'clear' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self';connect-src coresvc.staging.paygoenergy.io *.t.coresvc.staging.paygoenergy.io;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src accounts.google.com;img-src 'self' data: *.googleusercontent.com;object-src 'none';script-src 'self' www.google-analytics.com apis.google.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
fonts.googleapis.com
gas-one-bd.t.coresvc.staging.paygoenergy.io
gas-one-bd.t.customer-care.staging.paygoenergy.io
www.google-analytics.com
2a00:1450:4001:808::200e
2a00:1450:4001:80e::200e
2a00:1450:4001:828::200a
2a00:1450:4001:831::2013
252bdeb3dd1cce26e9e078606809435cf06577b1611e6495bab3eb6ac470c29c
2559e117ed73f5a896869e68bc7ff35fa6174ab64e58d9c3a8f800c9ae245c8b
71d362437afba4163c81498158e28c15785bac6919c607a7afc7f807a1eaf83b
78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3
80b252c5e024e15162180f33565a89511dd7f94e7f3716d55fda1a0a751bd082
8d4b6d6439419f572adcfc062b890d4501f223cc42612499e19f756f67394b8a
b85634fb6e0c68611540e327235d7c0ff1e988870651e28b0cc539b481ab0cc9
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c20a53ceb029d9d38c99a17e39232823b9a864821a394e00974e9d9cbfce5685
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
e2c6351b543009113dcef0dae0456aeceafbd7aabab10d1c7ebb5877f2eb2461
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62