security.investipal.co Open in urlscan Pro
2606:4700::6812:1baf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://security.investipal.co/
Submission: On July 26 via automatic, source certstream-suspicious (July 26th 2024, 8:42:14 pm UTC) — Scanned from DE

Summary HTTP 28 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 28 HTTP transactions. The main IP is 2606:4700::6812:1baf, located in United States and belongs to CLOUDFLARENET, US. The main domain is security.investipal.co.
TLS certificate: Issued by E5 on July 26th 2024. Valid for: 3 months.

This is the only time security.investipal.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700::68... 2606:4700::6812:1baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6812:aeb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
28	5

11 2606:4700::6812:1baf (United States)

ASN13335 (CLOUDFLARENET, US)

security.investipal.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:aeb (United States)

ASN13335 (CLOUDFLARENET, US)

static.vanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	vanta.com static.vanta.com — Cisco Umbrella Rank: 940764	4 MB
11	investipal.co security.investipal.co	43 KB
3	gstatic.com fonts.gstatic.com	119 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
0	cloudflareinsights.com Failed static.cloudflareinsights.com Failed
0	browser-intake-datadoghq.com Failed csp-report.browser-intake-datadoghq.com Failed
28	6

	Domain	Requested by
11	static.vanta.com	security.investipal.co static.vanta.com
11	security.investipal.co	static.vanta.com
3	fonts.gstatic.com	security.investipal.co fonts.googleapis.com
1	fonts.googleapis.com	security.investipal.co
0	static.cloudflareinsights.com Failed	security.investipal.co
0	csp-report.browser-intake-datadoghq.com Failed	security.investipal.co
28	6

This site contains links to these domains. Also see Links.

Domain
www.investipal.co
www.vanta.com

Subject Issuer	Validity	Valid
security.investipal.co E5	`2024-07-26` - `2024-10-24`	3 months	crt.sh
static.vanta.com E5	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://security.investipal.co/
Frame ID: BAA64219D0C94CC0B10751C5C1B59D6F
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trust Center - Investipal

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

28
Requests

93 %
HTTPS

100 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

4379 kB
Transfer

13407 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.investipal.co/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.vanta.com/products/trust-center?utm_campaign=&utm_source=trust-center&utm_medium=product

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
security.investipal.co/ 2 KB
3 KB 402ms
262ms Document
text/html 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b8e632c88019ddc98dd6e37180f91902fc5c510fa4707b4a42c2db19ab21fa3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8a9736f16b402c3f-FRA
content-encoding: gzip
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
content-type: text/html; charset=utf-8
date: Fri, 26 Jul 2024 20:42:09 GMT
link: <https://fonts.googleapis.com>; rel="preconnect"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EQrswVXdiEXZGy86pRjdaXVP%2FcEEGpiFWnc8eEZJhTBFNq4ohTJHeL3OGRNqh3yLZGeWSPSbEHo2xK73CfTHlUqDQetN1%2BxIRXyIScNNBYqufwaiMECEDDnpFxo8m4sbZhkzDdlUAZPm451igHTr"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 index.e288f31a.css
static.vanta.com/static/ 330 KB
42 KB 239ms
116ms Stylesheet
text/css 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.e288f31a.css

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f288887024be66934f9f2d2889da1778d0e2736580c2feaa818ce106fff315fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:09 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"99cc9fcacb1b745115858f252c412a06"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mI0FYKIjmcrrbnHpCDqkbzpBOsitTuwObzlYcRKXKeRP8syuYmc090NqEHfVzfty1EOZGxBIgDO4HO0a6A6MnnlcIxJSNj6BuMfVFeSRy2TW2HZfk9ChLaldQumVqVwZhiWJB4lN9TIV%2BSm5KZbH"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f3dee21e4e-FRA

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v13/ 45 KB
46 KB 180ms
88ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://security.investipal.co/
Origin: https://security.investipal.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 15:01:50 GMT
x-content-type-options: nosniff
age: 279619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46552
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:46:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 15:01:50 GMT

GET
H2 200 L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
fonts.gstatic.com/s/domine/v20/ 27 KB
28 KB 136ms
44ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/domine/v20/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f5e0b9e325758a96240d38bcd1eee56916eada73cb6aa63b6d4f21ad93dc55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://security.investipal.co/
Origin: https://security.investipal.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 14:49:01 GMT
x-content-type-options: nosniff
age: 280388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28108
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:06:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 14:49:01 GMT

GET
H2 200 css2
fonts.googleapis.com/ 13 KB
1 KB 143ms
51ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

210276eebb083399ebc3333e6cddff185da4bd1612034dc0da9a122bce8c8217

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 26 Jul 2024 20:42:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 26 Jul 2024 20:42:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Jul 2024 20:42:09 GMT

GET
H2 200 index.da1cff87.css
static.vanta.com/static/ 156 KB
36 KB 240ms
118ms Stylesheet
text/css 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.da1cff87.css

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1632feb4f44c3db227e170823e0e0820a4a8bc1fcc4294b0d6cde1bbcf276a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:09 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"b7607aa9e61cc8fe8eb5800c4572886c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1f6L7ty6Njsrivclg43mxi%2FNBA8prj4rtdyiuEkE%2F2VwnzyziLmqLn9TLbPSYHolt%2FHHIaeWvvkK2QZnBF5dRTGUJsMd%2F2pEpojzG8sI6rd45YWxFSdzou4qTnc37mcLlU9WEC95rOGCwl2Ezex"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f3def31e4e-FRA

GET
H2 200 index.35ccda93.css
static.vanta.com/static/ 573 B
664 B 233ms
111ms Stylesheet
text/css 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.35ccda93.css

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

985b6eb75df5bc1ff881a298e757545b990cea861fa8322ed83cf5de48890e9f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:09 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7c68e0a85ed912a483a9a879dc76ac3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aKQwpdCCmQ3MoENhsmeTYP2gWqm8IlyassufTN7wpWaFiI1mkbqFOeVpEGvICSd4VUDCiNw%2BmQuBBtNbTehymYGkCtfBDCkkenn37kZnyQhZR5NPPMekJYbkVy7gJeJmn5BSFlorb%2BAR23HOkW%2FV"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f3def01e4e-FRA

GET
H2 200 index.f38440db.css
static.vanta.com/static/ 581 B
2 KB 230ms
109ms Stylesheet
text/css 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.f38440db.css

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a30a1fd9a0a63b31c289e931a2c67a59b1b04de5a9b271733db7e1e8a341a0be

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:09 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"bdf1032f4c4f0e7f547acb316574492e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYXfxsZgBRrsYOq%2FT00f0u7ebTkmRl2C8tELY1qwVSUKXutp%2FOcuZoHUyJSADhR6oKroS6AzSNWe3hssa2YwDKvBEUIIwFOArA75MSewQJtshKOIrBut%2FcpRAZ5vCuJiXWskxOKGh1uoqEYs1Y2H"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f3dee81e4e-FRA

GET
H2 200 index-trust-report.d5af94f0.css
static.vanta.com/static/ 263 B
526 B 245ms
123ms Stylesheet
text/css 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index-trust-report.d5af94f0.css

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2a7ebcdcb7bb18151c6f4348fea4c089d57b79a24ef9f0353a49d49d4803e9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:09 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"c2fdb9b23430bd05b923837760605e58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7s00idcw9j5NeAswo%2FfRsBfWLnKCNUFZhMgMZV91f7yvy%2BBcWz5IS9KTOlfxctvEd4NP8Jd4EfUOIXCzBjmMeh9ebISFvwpRhTwuNyOs%2BjaNjUuWrxr%2FECChDqyk8dXABG5Kv2ZmybY%2Bt0pxW8c"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f3deed1e4e-FRA

GET
H2 200 entry-trust-report.js Show response
static.vanta.com/static/ 548 B
2 KB 94ms
94ms Script
application/javascript 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/entry-trust-report.js

Requested by

Host: security.investipal.co
URL: https://security.investipal.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6045f743888f910f292496bc98a7914fa3c1027f954e8ce064e67b223275296

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:10 GMT
strict-transport-security: max-age=15552000
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
etag: W/"92218398b775ad45c879dccc7fbb4c2f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkwG%2FgK%2FnJe5m53Hnq7BLWbKNB7l4kI4ln6w2v3aSrY5UKM6YkoAyV5dRq0xxTqiHOzTJDV01I0rH0VSWgQzQoleUc026BsBBCxlj83VCXhibW5AdQC%2FYYULgNWouL6DSEJxdLeixlFytIdFyfRS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cf-ray: 8a9736f4d83e1e4e-FRA

POST logs
csp-report.browser-intake-datadoghq.com/api/v2/ 0
0

GET beacon.min.js
static.cloudflareinsights.com/ 0
0

GET
H2 200 index.b54d2149.js
static.vanta.com/static/ 12 MB
3 MB 173ms
173ms Script
application/javascript 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.b54d2149.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry-trust-report.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:10 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"1291a9f39750010d3590e572fdf37491"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aW8Uey3jyWbby%2BeAD1YTh6q5U%2F9rhjZEKE03qSsO2g6bm0W9i2tIe758rwPwtwCGNg9x9SkYR%2FqXxKAOcmMJaaTpoKI3eA6N6FMPcuUeogMBX%2FzsAq9tLbwnxwrBdEK63cvBERfZa2muSSVhKC6t"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f579231e4e-FRA

GET
H2 200 index.runtime.c5279e06.js Show response
static.vanta.com/static/ 5 KB
3 KB 95ms
95ms Script
application/javascript 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index.runtime.c5279e06.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry-trust-report.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcd75826588c50d7862c4fcb8b07d810dd954cd0eaa1ca30df0de7339e454974

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:10 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"af28a7cff353d5ed6b341d71a7fe154e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLlMZVr%2Blg1HNV30FqnvgXPZF5XWulPKw0GP649TOmihoSoZNCHI7xjbyThR2kH73Ps5hR7c6sMwzOK5GMGYZCHSL3HVTMfMGkN4l%2BHOhYvl0RD3FCr%2F4oOtS0%2B7RuMnVAft0j4S%2BkkUNzCSz%2FpL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f579251e4e-FRA

GET
H2 200 index-trust-report.82b90091.js Show response
static.vanta.com/static/ 4 KB
2 KB 87ms
87ms Script
application/javascript 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/index-trust-report.82b90091.js

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/entry-trust-report.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70b383eb6b2eae974d557f381c6adb35411c6e25a21f2a3e78b3d6c337e93a02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:10 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"f01bb26aaeaf1e89848348a6d3e0af14"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uydwrrLDOHYmuYPqOTS88VeUUFLvEcEzXjt1X3lMj7m6%2FqbSLmFlHOnHQgqlFR60qw71n%2Bgv7rJHoceCv84poAaZ41Bpw303ej5h7oRictk4610dcVo1KY1QfSj3QZyv5jt%2FZKZHKUcIZBd7Kv4G"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9736f579281e4e-FRA

POST
H2 200 graphql Show response
security.investipal.co/ 164 B
282 B 561ms
559ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=linkedTrustCenters

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51ff7dfae56fb59fb4c4a30dd3faf167da05acaa006130125c92a06185da3759

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 88c1e630-4b8f-11ef-b0a8-b35c1f85c416
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"a4-SsH30UPYf7bw4ZWB0Rkih4nRuTo"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a9736fdca3b2c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 400 B
636 B 494ms
492ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=fetchReportContext

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b81ae98c4a97929493e024efac7f0ccaa36cf2f0324fcc0ff41344812e3ccc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 88c2a980-4b8f-11ef-aa92-a14b689e6222
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"190-PUSgjJpq5fBY01JI3QLSIDeM8sg"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a9736fdca3d2c3f-FRA
x-robots-tag: noindex

GET
H2 200 favicon.ico
security.investipal.co/ 539 B
626 B 126ms
126ms Other
image/png 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1383394421c35c3a7f0facaa36fc06daee11ec9ed6ee82f56226c720e6b20fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: cloudflare
cf-ray: 8a9736fe6af42c3f-FRA
content-length: 539
vary: Accept-Encoding
content-type: image/png

POST
H2 200 graphql Show response
security.investipal.co/ 2 KB
924 B 853ms
852ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=fetchDataForTrustReport

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8268489091850252081befe64f7d6dab72f1e7345af29c9bf5ce4affff4406e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
uuid: 890e0a60-4b8f-11ef-a198-8f8d2d20cf7b
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"8df-ZyxTmNwskyh7macFXvYnOm/GlpI"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a973700fddb2c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 100 B
218 B 476ms
474ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=fetchCustomizableControlsDataForExternalTrustCenter

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f248ce1206daaf68b21082d50c064ad83f4eac68a22e5b4d331449ca35f4e392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 890fb810-4b8f-11ef-949a-077054d43c0a
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"64-pCNUOD6DZiPor9gRPcTPDcQA2zU"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: private, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 8a973700fde12c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 100 B
301 B 465ms
463ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=recordTrustCenterVisit

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f248ce1206daaf68b21082d50c064ad83f4eac68a22e5b4d331449ca35f4e392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 890e3170-4b8f-11ef-98bc-cbaf032effb0
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"64-pCNUOD6DZiPor9gRPcTPDcQA2zU"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: private, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 8a973700fde22c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 113 B
268 B 472ms
471ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=recordTrustCenterPageView

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541a4e56b111003d0772cdcb52ac0c3b979aa567c3737dd7c8b93d9648706f04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 890de350-4b8f-11ef-8769-8702170a77cc
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"71-JO8Vd1gesA23+DL+ysFVl1uOrww"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a973700fde42c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 107 B
225 B 470ms
469ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=recordTrustCenterVisit

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3859596ce2f7015d24c0775ddc01140eb6fd83a36f6e7b16ea26ee7b78144991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
uuid: 8954d760-4b8f-11ef-942b-cd6d77743d4b
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"6b-tJCMb+yjHcVOi/+AlzKgUx7w2n0"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a973703d9e22c3f-FRA
x-robots-tag: noindex

POST
H2 200 graphql Show response
security.investipal.co/ 23 KB
5 KB 874ms
873ms Fetch
application/json 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.investipal.co/graphql?operation=fetchCustomizableControlsDataForExternalTrustCenter

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.b54d2149.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba4dac50ad95d6f20a82867c619ae20029b43ddc81ddee90c6b37e591b545923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

apollographql-client-name: web-client
x-csrf-token: this_csrf_header_is_constant
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: */*
Referer: https://security.investipal.co/
apollographql-client-version: 987e16
graphql-schema-version: 987e16

Response headers

date: Fri, 26 Jul 2024 20:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
uuid: 892bcb90-4b8f-11ef-949a-077054d43c0a
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
etag: W/"5a81-uRvj7SQ9faVafkEFszYN+cqpWns"
expect-ct: max-age=0
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cache-control: no-store
access-control-allow-credentials: true
cf-ray: 8a973703fa092c3f-FRA
x-robots-tag: noindex

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 45ms
43ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.investipal.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 09:37:43 GMT
x-content-type-options: nosniff
age: 299069
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 09:37:43 GMT

GET
H2 200 fa-regular-400.402a2c8b.woff2
static.vanta.com/static/ 411 KB
413 KB 202ms
112ms Font
font/woff2 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/fa-regular-400.402a2c8b.woff2

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.f38440db.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

288604e041d1497968d0f448ae8ad6019d3ee15ab8201fb4c585479490f39692

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.vanta.com/static/index.f38440db.css
Origin: https://security.investipal.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:13 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-length: 421248
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "192113225ec232ccf0d7e6311be6a7c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2fMA26aRcxJuchZ%2Fg6ZPDuLX%2Bm3GwDt8Ku5r9pCpc%2Fa4sVdwRTwqrU4sYFOMzTLQSV6nY59LlFQlTmvlTyIxea8LTDGOEQDf4eLRT2NhoDNEMLmfiiEumfFPfoaW9rHYcETGwo0bIhoUwwaeTnc"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9737073d515d3d-FRA

GET
H2 200 fa-solid-900.a6efde67.woff2
static.vanta.com/static/ 342 KB
343 KB 248ms
158ms Font
font/woff2 2606:4700::6812:aeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.vanta.com/static/fa-solid-900.a6efde67.woff2

Requested by

Host: static.vanta.com
URL: https://static.vanta.com/static/index.35ccda93.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aeb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c1249ac344ac2ba5266d08460e9a083aecca1b96b592eafc4a7b4c754e2e928

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.vanta.com/static/index.35ccda93.css
Origin: https://security.investipal.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:13 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
content-security-policy: default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-length: 350540
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "857a838d44ac6405de29aa829f40ad57"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NyNrBVdS%2FvkTRIxH3klD6gKfKrVP6t00NV9MO48%2BLWjbdNulBXYGjqJpQBtUOoVDCIlZcrtpnanCv%2F1ausVVJzGg3sma7HjLR6Kdq8wDUFvfX2PBWQoRNG1yBW8gHb9h6JfcHnbRTq8%2BfmJ5PB7z"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cf-ray: 8a9737074d545d3d-FRA

GET
H2 200 doc
security.investipal.co/ 30 KB
31 KB 675ms
673ms Image
image/png 2606:4700::6812:1baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.investipal.co/doc?s=9zxd4rka853caladx8jw80

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b240736d1d4897b06816b4f5c6e4a0c3445beeb75f017851db5a70b166245f63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://security.investipal.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Jul 2024 20:42:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self'
x-dns-prefetch-control: off
content-disposition: filename=27-1024x400.png
uuid: 899effc0-4b8f-11ef-82bc-35eed1b88742
x-xss-protection: 0
referrer-policy: same-origin
server: cloudflare
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://security.investipal.co
x-download-options: noopen
cf-ray: 8a973706adc82c3f-FRA
x-robots-tag: noindex

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: csp-report.browser-intake-datadoghq.com
URL: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined

Domain: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://security.investipal.co/ Message: Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js' because it violates the following Content Security Policy directive: "script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' vanta.com .vanta.com;font-src 'self' data: fast.fonts.net vanta.com .vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net https://d1rgrqddsml65q.cloudfront.net;media-src 'self' vanta.com .vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data:;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com .vanta.com 'self' .oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com www.youtube-nocookie.com www.youtube.com player.vimeo.com www.loom.com https://js.stripe.com https://decagon.ai https://apply.vouch.us https://uat-apply.vouch-stg.us https://auth.vouch-stg.us/ https://auth.vouch.us/ https://uat-quote.vouch-stg.us/ https://quote.vouch.us/;img-src 'self' blob: data: ;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

csp-report.browser-intake-datadoghq.com
fonts.googleapis.com
fonts.gstatic.com
security.investipal.co
static.cloudflareinsights.com
static.vanta.com
csp-report.browser-intake-datadoghq.com
static.cloudflareinsights.com
2606:4700::6812:1baf
2606:4700::6812:aeb
2a00:1450:4001:806::200a
2a00:1450:4001:81c::2003
210276eebb083399ebc3333e6cddff185da4bd1612034dc0da9a122bce8c8217
288604e041d1497968d0f448ae8ad6019d3ee15ab8201fb4c585479490f39692
3859596ce2f7015d24c0775ddc01140eb6fd83a36f6e7b16ea26ee7b78144991
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1
4b81ae98c4a97929493e024efac7f0ccaa36cf2f0324fcc0ff41344812e3ccc9
51ff7dfae56fb59fb4c4a30dd3faf167da05acaa006130125c92a06185da3759
541a4e56b111003d0772cdcb52ac0c3b979aa567c3737dd7c8b93d9648706f04
6b8e632c88019ddc98dd6e37180f91902fc5c510fa4707b4a42c2db19ab21fa3
70b383eb6b2eae974d557f381c6adb35411c6e25a21f2a3e78b3d6c337e93a02
8268489091850252081befe64f7d6dab72f1e7345af29c9bf5ce4affff4406e8
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
985b6eb75df5bc1ff881a298e757545b990cea861fa8322ed83cf5de48890e9f
9c1249ac344ac2ba5266d08460e9a083aecca1b96b592eafc4a7b4c754e2e928
a1383394421c35c3a7f0facaa36fc06daee11ec9ed6ee82f56226c720e6b20fa
a30a1fd9a0a63b31c289e931a2c67a59b1b04de5a9b271733db7e1e8a341a0be
a6045f743888f910f292496bc98a7914fa3c1027f954e8ce064e67b223275296
b240736d1d4897b06816b4f5c6e4a0c3445beeb75f017851db5a70b166245f63
ba4dac50ad95d6f20a82867c619ae20029b43ddc81ddee90c6b37e591b545923
bcd75826588c50d7862c4fcb8b07d810dd954cd0eaa1ca30df0de7339e454974
d1632feb4f44c3db227e170823e0e0820a4a8bc1fcc4294b0d6cde1bbcf276a6
e2a7ebcdcb7bb18151c6f4348fea4c089d57b79a24ef9f0353a49d49d4803e9a
e2f5e0b9e325758a96240d38bcd1eee56916eada73cb6aa63b6d4f21ad93dc55
f248ce1206daaf68b21082d50c064ad83f4eac68a22e5b4d331449ca35f4e392
f288887024be66934f9f2d2889da1778d0e2736580c2feaa818ce106fff315fa

security.investipal.co Open in urlscan Pro 2606:4700::6812:1baf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

28 Requests

93 %HTTPS

100 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

4379 kBTransfer

13407 kBSize

0 Cookies

2 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

security.investipal.co Open in urlscan Pro
2606:4700::6812:1baf Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

93 %
HTTPS

100 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

4379 kB
Transfer

13407 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions