app.shine.fr Open in urlscan Pro
35.190.91.146 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.shine.fr/
Effective URL:
https://app.shine.fr/
Submission: On June 02 via api (June 2nd 2024, 12:42:46 am UTC) from NL — Scanned from FR

Summary HTTP 44 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 7 domains to perform 44 HTTP transactions. The main IP is 35.190.91.146, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is app.shine.fr.
TLS certificate: Issued by GTS CA 1D4 on April 20th 2024. Valid for: 3 months.

This is the only time app.shine.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	35.190.91.146 35.190.91.146	15169 (GOOGLE) (GOOGLE)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.117.112.165 34.117.112.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:9000:225... 2600:9000:225b:1800:5:b7cc:d3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	18.173.187.127 18.173.187.127	16509 (AMAZON-02) (AMAZON-02)
2	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
2	18.173.187.50 18.173.187.50	16509 (AMAZON-02) (AMAZON-02)
1	18.66.192.42 18.66.192.42	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:225... 2600:9000:225b:a200:d:2044:5c40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d014:58f... 2a05:d014:58f:6200::64	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	54.230.228.89 54.230.228.89	16509 (AMAZON-02) (AMAZON-02)
3	18.173.187.121 18.173.187.121	16509 (AMAZON-02) (AMAZON-02)
1	54.225.73.111 54.225.73.111	14618 (AMAZON-AES) (AMAZON-AES)
44	16

19 35.190.91.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.91.190.35.bc.googleusercontent.com

app.shine.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o1089553.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.112.165 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.112.117.34.bc.googleusercontent.com

api.shine.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225b:1800:5:b7cc:d3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sdk.privacy-center.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseinstallations.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.187.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-127.muc50.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

connect-js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.187.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-50.muc50.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-42.muc50.r.cloudfront.net

sdk.privacy-center.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225b:a200:d:2044:5c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.privacy-center.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:58f:6200::64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.shine.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseremoteconfig.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-89.muc50.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.187.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-121.muc50.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.73.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-73-111.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	shine.fr app.shine.fr api.shine.fr www.shine.fr	3 MB
7	privacy-center.org sdk.privacy-center.org — Cisco Umbrella Rank: 4501 api.privacy-center.org — Cisco Umbrella Rank: 10646	150 KB
5	stripe.com js.stripe.com — Cisco Umbrella Rank: 1088 connect-js.stripe.com — Cisco Umbrella Rank: 148886	1 MB
4	googleapis.com firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 566 firebaseremoteconfig.googleapis.com — Cisco Umbrella Rank: 492	2 KB
3	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 2114	301 KB
2	intercom.io widget.intercom.io — Cisco Umbrella Rank: 1597 api-iam.intercom.io — Cisco Umbrella Rank: 2092	6 KB
1	sentry.io o1089553.ingest.sentry.io	308 B
44	7

	Domain	Requested by
19	app.shine.fr	app.shine.fr
4	api.privacy-center.org	app.shine.fr
3	js.intercomcdn.com	widget.intercom.io js.intercomcdn.com
3	js.stripe.com	app.shine.fr js.stripe.com
3	sdk.privacy-center.org	app.shine.fr sdk.privacy-center.org
2	firebaseremoteconfig.googleapis.com	app.shine.fr
2	connect-js.stripe.com	app.shine.fr connect-js.stripe.com
2	firebaseinstallations.googleapis.com	app.shine.fr
2	api.shine.fr	app.shine.fr
1	api-iam.intercom.io	js.intercomcdn.com
1	widget.intercom.io	app.shine.fr
1	www.shine.fr	app.shine.fr
1	o1089553.ingest.sentry.io	app.shine.fr
44	13

This site contains links to these domains. Also see Links.

Domain
www.shine.fr
shine.fr
help.shine.fr

Subject Issuer	Validity	Valid
app.shine.fr GTS CA 1D4	`2024-04-20` - `2024-07-19`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
api.shine.fr WR3	`2024-05-19` - `2024-08-17`	3 months	crt.sh
*.privacy-center.org Amazon RSA 2048 M03	`2024-03-10` - `2025-04-07`	a year	crt.sh
upload.video.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-05-22` - `2024-08-22`	3 months	crt.sh
api.privacy-center.org Amazon RSA 2048 M02	`2024-05-28` - `2025-06-25`	a year	crt.sh
shine.fr R3	`2024-04-19` - `2024-07-18`	3 months	crt.sh
*.intercom.com Amazon RSA 2048 M03	`2024-01-15` - `2025-02-11`	a year	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2023-12-01` - `2024-12-29`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://app.shine.fr/
Frame ID: F17D59CD49001BBA46DEFD4472ACAFBF
Requests: 34 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-e9cc61a01edd16da406e3864612b9bfb.html
Frame ID: C371700BA4E910D9B8713F22E1B2EB74
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: CBD39C41DAA02B79E42B6927CEC7C10A
Requests: 1 HTTP requests in this frame

Frame: https://connect-js.stripe.com/accessory_layer_09c91f6147d78c61c87e.html
Frame ID: 79A0846F29B267209E1B62067AF5158B
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.535d6e8b.js
Frame ID: F99675640C3A83ABF659064E9AA1CF54
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Shine

Page URL History Show full URLs

http://app.shine.fr/ HTTP 307
https://app.shine.fr/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Didomi (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

sdk\.privacy-center\.org/.*/loader\.js

Page Statistics

44
Requests

100 %
HTTPS

33 %
IPv6

7
Domains

13
Subdomains

16
IPs

2
Countries

4532 kB
Transfer

15874 kB
Size

7
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.shine.fr/lp/cookies/
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://shine.fr/

Search URL Search Domain Scan URL

URL: https://help.shine.fr/
Title: Aide

Search URL Search Domain Scan URL

URL: https://shine.fr/terms
Title: Conditions d’utilisation

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.shine.fr/ HTTP 307
https://app.shine.fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
app.shine.fr/
Redirect Chain

http://app.shine.fr/
https://app.shine.fr/

1 KB
2 KB

96ms
46ms

Document
text/html

35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

a5bbb51248ac45f7c0dc9be0dc78ea17dad6152511801dd466d8e050e308d8b1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ranges: none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
content-type: text/html
date: Sun, 02 Jun 2024 00:42:41 GMT
etag: W/"e0d0da01a397950a084a29a3ee70cb4d"
expires: Mon, 02 Jun 2025 00:42:41 GMT
last-modified: Fri, 31 May 2024 15:05:30 GMT
server: UploadServer
vary: Accept-Encoding
x-frame-options: DENY
x-goog-generation: 1717167930419788
x-goog-hash: crc32c=lqgJhQ== md5=4NDaAaOXlQoISimj7nDLTQ==
x-goog-meta-goog-reserved-file-mtime: 1717167868
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1056
x-guploader-uploadid: ABPtcPocWUadgeF2BOLbsfayo6hISDhvjgegRNe-_9CxuzyLSmE4dmsyiG2PAdxOHfykbz8Z9qs

Redirect headers

Location: https://app.shine.fr/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 index-8FJGebOZ.js Show response
app.shine.fr/assets/ 666 KB
170 KB 82ms
81ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/index-8FJGebOZ.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8367d7ee47b49051fa77af4e6fc50279b048eb82298f9a5e87ec9cac77c1925c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 23:56:49 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2752
x-guploader-uploadid: ABPtcPqq2Y9GgqlHvbFi9yGAIDTc5-mLV6PJmA5Qzcl4b15KRha28RY_ztMP6AS4OUs4rNrsO_qLESybiw
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174076
last-modified: Fri, 31 May 2024 15:05:27 GMT
server: UploadServer
etag: W/"a588ec4f6e8c67431c87904049581777"
vary: Accept-Encoding
x-goog-generation: 1717167927724036
x-goog-hash: crc32c=9QtwnA==, md5=pYjsT26MZ0Mch5BASVgXdw==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 681732
x-frame-options: DENY
accept-ranges: none

GET
H2 200 vendor-hZ73KDyC.js Show response
app.shine.fr/assets/ 4 MB
1017 KB 21ms
21ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/vendor-hZ73KDyC.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

e29f66709ddc4d4a19c526ad09307df02033f2f2e64344facfd6290a17d4a21e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 23:56:49 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2752
x-guploader-uploadid: ABPtcPoKpMotjuyFwz8mfCWEreD0PqbFk1szdKSxLrXq05Y8atKK4KgEzEK31aHLz8gNHlDRRx-EMFbgYw
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Fri, 31 May 2024 15:05:28 GMT
server: UploadServer
etag: W/"7ee7d5b09584d71bcb44fb210b2891fb"
vary: Accept-Encoding
x-goog-generation: 1717167928031468
x-goog-hash: crc32c=NuSPWQ==, md5=fufVsJWE1xvLRPshCyiR+w==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 3715589
x-frame-options: DENY
accept-ranges: none

GET
H2 200 index-BoH15BY2.css
app.shine.fr/assets/ 21 KB
3 KB 19ms
19ms Stylesheet
text/css 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/index-BoH15BY2.css

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

3fa77d143ff94e5843ae8691be10e9a058a2c190620c2f190810196342d433f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:08:00 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2081
x-guploader-uploadid: ABPtcPq0y_BqfxX2XauXOeEE9xHoVUtWPItK1sq8-18eWsvAHP1D1bRKsUajiLbUvT-u9MPoTz4
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2907
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: W/"aa1307a7ad47159b17fc161029cc091d"
vary: Accept-Encoding
x-goog-generation: 1717167926902803
x-goog-hash: crc32c=kTZmGQ==, md5=qhMHp61HFZsX/BYQKcwJHQ==
content-type: text/css
cache-control: public,max-age=3600
x-goog-stored-content-length: 21000
x-frame-options: DENY
accept-ranges: none

POST
H2 200 / Show response
o1089553.ingest.sentry.io/api/6105000/envelope/ 2 B
308 B 82ms
30ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o1089553.ingest.sentry.io/api/6105000/envelope/?sentry_key=fd4649e3b86e4ec99a554468765bb721&sentry_version=7&sentry_client=sentry.javascript.react%2F7.92.0

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 02 Jun 2024 00:42:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H3 200 WithinAppLayoutRoutes-DhP5-5-5.js Show response
app.shine.fr/assets/ 3 MB
731 KB 21ms
20ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/WithinAppLayoutRoutes-DhP5-5-5.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/index-8FJGebOZ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8743067cfaa990b92e9cc7b8b10185e1b3e71834af67f4dd1ea8684c84f6a87b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:08:01 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2080
x-guploader-uploadid: ABPtcPpDLbEyw451pJpn4ocqcV1CI8gsn7j1EQFlHMfb7HyJXrL549-HQUNSNAYfEZAkbj9jV38
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Fri, 31 May 2024 15:05:27 GMT
server: UploadServer
etag: W/"2cf148b467ee9964f12179b00e07a718"
vary: Accept-Encoding
x-goog-generation: 1717167927440270
x-goog-hash: crc32c=m2LQ1Q==, md5=LPFItGfumWTxIXmwDgenGA==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 3029835
x-frame-options: DENY
accept-ranges: none

GET
H3 200 UploadContent-B0d3GlhG.js Show response
app.shine.fr/assets/ 261 KB
58 KB 32ms
31ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/UploadContent-B0d3GlhG.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/index-8FJGebOZ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

1c652baa385b4311f472a9c388a1cf42b3a36bd3f8d900d18a82c8c67a2d4454

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:01:43 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2458
x-guploader-uploadid: ABPtcPqqpaBq4LooLp2Oaky-jgM6Q0m3gyKvjKwNdqvYOsRFOgOR_4T4ugCA6K8cI7J3W-AtGZDI2R6Epw
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59196
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: W/"e797f6d3cbdf41fa77e7095783c64d23"
vary: Accept-Encoding
x-goog-generation: 1717167926879714
x-goog-hash: crc32c=qpFxAg==, md5=55f208vfQfp35wlXg8ZNIw==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 267471
x-frame-options: DENY
accept-ranges: none

GET
H3 200 _commonjs-dynamic-modules-DA79aZ09.js Show response
app.shine.fr/assets/ 613 B
643 B 70ms
70ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/_commonjs-dynamic-modules-DA79aZ09.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/index-8FJGebOZ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

e5760c6e45df947ed62c1cdaec98a1a7ff56eec1d84c9d517b20a48020993dc2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:41 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1714063809
age: 0
x-guploader-uploadid: ABPtcPo2gDvPC2HoEjjgHRgnh5fgaJ2zXAqCvsKpzj5dWZ_k1nu0P4AdEMnxXwKImAD7RYS5jBI
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: "9a62c2ed78a533273aa0625d940b06a5"
x-frame-options: DENY
x-goog-generation: 1714063850173861
x-goog-hash: crc32c=06KWfw==, md5=mmLC7XilMyc6oGJdlAsGpQ==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 613
accept-ranges: bytes

GET
H3 200 WithinAppLayoutRoutes-0I_XeNwn.css
app.shine.fr/assets/ 4 KB
1 KB 22ms
22ms Stylesheet
text/css 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/WithinAppLayoutRoutes-0I_XeNwn.css

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/index-8FJGebOZ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

95be5b5404f063739886fd6a5d3dc67a6a56866b5dfa132f538dd1ac4ec9bfb6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:01:43 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2458
x-guploader-uploadid: ABPtcPoMQ6_HxaQsLV8tmURW0caCf0jqX0DpRNW_VRKynqvU2R3Kc7soaRm9ZcjI6LLetb60TQ
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1088
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: W/"245ad96aec8e8065e980f0b15f52f305"
vary: Accept-Encoding
x-goog-generation: 1717167926497583
x-goog-hash: crc32c=K3IdOw==, md5=JFrZauyOgGXpgPCxX1LzBQ==
content-type: text/css
cache-control: public,max-age=3600
x-goog-stored-content-length: 4501
x-frame-options: DENY
accept-ranges: none

GET
H3 200 Onboarding-cAbGkoui.js Show response
app.shine.fr/assets/ 1 MB
254 KB 24ms
24ms Script
application/javascript 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/Onboarding-cAbGkoui.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/index-8FJGebOZ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

208a80a2df89cea0ea49c679974c328130427539d183cec84b555e76a8c39a15

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 23:56:59 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717167868
age: 2742
x-guploader-uploadid: ABPtcPpDd-JzWtCYQwfrZAnYq-tIm7aA_W9bOOsGUXuE3vhOvFg86lbWLmVe2-PBeAsZhm62t4o
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260224
last-modified: Fri, 31 May 2024 15:05:27 GMT
server: UploadServer
etag: W/"7001f3d858b21fbe397f9154feeeb426"
vary: Accept-Encoding
x-goog-generation: 1717167927123808
x-goog-hash: crc32c=Mw1bAg==, md5=cAHz2FiyH745f5FU/u60Jg==
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 1294329
x-frame-options: DENY
accept-ranges: none

OPTIONS
H2 204 allowed_countries
api.shine.fr/v2/authentication/phone/ Frame 0
0 92ms
31ms Preflight 34.117.112.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.shine.fr/v2/authentication/phone/allowed_countries?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.112.165 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.112.117.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: app-version,content-type,platform
Access-Control-Request-Method: GET
Origin: https://app.shine.fr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: app-version,content-type,platform
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 02 Jun 2024 00:42:41 GMT
vary: Access-Control-Request-Headers
via: 1.1 google
x-cloud-trace-context: 17d8963564edac9e3747c4056cfc71db/15882061186943117828;o=1
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 loader.js Show response
sdk.privacy-center.org/5b58c4e5-abc4-40d7-bf7d-fb1387527333/ 21 KB
7 KB 475ms
45ms Script
application/javascript 2600:9000:225b:1800:5:b7cc:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/5b58c4e5-abc4-40d7-bf7d-fb1387527333/loader.js?target=app.shine.fr
Requested by: Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:1800:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 096fa1a7935e03a375c686a18fafa2a380f5dee72b2d77d2702812642a9ace1d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 23:48:29 GMT
content-encoding: br
x-didomi-remote-config-metadata: multiReg:true;legacyGlobalGdpr:true
via: 1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 3253
x-amzn-requestid: 4c07c249-b314-4c1d-b825-69a998c86393
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-didomi-configs-version: 107
x-amzn-trace-id: root=1-665a7a34-2b472d931d6ca4954158efe0;parent=59b48f4189dce534;sampled=0;lineage=eaae1266:0
etag: W/"1dd8ed27fe6e2dedd9eb974754147732"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=7200, public
x-amz-cf-id: Gh9qKTbOVBK_ZC4F9_7qJIPm9-O9jHHFJDsLIGceuNT4l5c8D5Fs8g==

GET
H3 200 ValueSerifPro-Medium-DfZyG21D.woff2
app.shine.fr/assets/ 44 KB
44 KB 44ms
43ms Font
font/woff2 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/ValueSerifPro-Medium-DfZyG21D.woff2

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

3ee9bad98b3ff943c379284c97e046910b4866e8531a5ea06c6cbff2bf57c64e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:41 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1714063809
age: 0
x-guploader-uploadid: ABPtcPp9YYcPuNaacm5f_2OtVcD0lZ8guEcwKKgjrh7_TJWA1IhcUCnDj68avnGtiZSvEj4v_MM
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45452
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: "951503ff013c69c70d8f7817f85dc29f"
x-frame-options: DENY
x-goog-generation: 1714063850147871
x-goog-hash: crc32c=mnRzrw==, md5=lRUD/wE8accNj3gX+F3Cnw==
content-type: font/woff2
cache-control: public,max-age=3600
x-goog-stored-content-length: 45452
accept-ranges: bytes

GET
H3 200 MabryPro-Regular-B_k5wJnW.woff2
app.shine.fr/assets/ 53 KB
53 KB 20ms
19ms Font
font/woff2 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/MabryPro-Regular-B_k5wJnW.woff2

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

c00fb62623e5a6fdb26de7425f2a07d8f6cbe689aed3fc426ca0457171ce2c23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:33:20 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1715088638
age: 561
x-guploader-uploadid: ABPtcPoIyGblmi3EH8HPkTGJh9Vlxe6jpuqnuGedNlrD4_DcQ7YyiKY-lWds3ZDx-e0QwC42yg
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54664
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: "c233d7acdb00718a2e1f77bfe6777ee1"
x-frame-options: DENY
x-goog-generation: 1715088679292047
x-goog-hash: crc32c=v71KHQ==, md5=wjPXrNsAcYouH3e/5nd+4Q==
content-type: font/woff2
cache-control: public,max-age=3600
x-goog-stored-content-length: 54664
accept-ranges: bytes

GET
H3 200 MabryPro-Medium-CIo8vNpy.woff2
app.shine.fr/assets/ 51 KB
51 KB 21ms
20ms Font
font/woff2 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/assets/MabryPro-Medium-CIo8vNpy.woff2

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

503cd1b7735f54768cd262c1552b98c4b98c3588abd519ab1fc639305698f554

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Origin: https://app.shine.fr
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:33:20 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1714063809
age: 561
x-guploader-uploadid: ABPtcPqmXenMifjgV4BaAz5dbnIO4nky7iepRqZf-_K3X63ET48n3uDruB3rQRM0ONw0kZBciN6Gd_FbEA
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52512
last-modified: Fri, 31 May 2024 15:05:26 GMT
server: UploadServer
etag: "767647d4714911dc3d105cfaf323b317"
x-frame-options: DENY
x-goog-generation: 1714063850790306
x-goog-hash: crc32c=+eB2UA==, md5=dnZH1HFJEdw9EFz68yOzFw==
content-type: font/woff2
cache-control: public,max-age=3600
x-goog-stored-content-length: 52512
accept-ranges: bytes

GET
H2 200 allowed_countries Show response
api.shine.fr/v2/authentication/phone/ 410 B
379 B 31ms
27ms Fetch
application/json 34.117.112.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.shine.fr/v2/authentication/phone/allowed_countries?

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.112.165 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.112.117.34.bc.googleusercontent.com

Software

Resource Hash

8da8f838f99e37560dfdd548864ecb28c7cdff0727eca76151a29972993421c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
app-version: 1.0.0
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://app.shine.fr/
platform: web
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 google
etag: W/"19a-BMQxCOQfQ3EBRBKq7BXvDqjxiuA"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 4400536a6b3a8e836090861a7a622075/9869755525328379946;o=1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2632121835a345c64e72f2bf0f9c429e35656b077c9c961729a1a3e0150ba7bf

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Referer: https://app.shine.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 337 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 432bfbf2c23dbe77fd1ba65f127fcf5ff497190450728c9e62459eed965f0930

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Referer: https://app.shine.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 app-EkAu6lvN.png
app.shine.fr/assets/ 527 KB
527 KB 58ms
58ms Image
image/png 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.shine.fr/assets/app-EkAu6lvN.png

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0acfbfdfca5f089367ae935b7f088284430094ce11ac293aece58cf2169cc402

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:23:04 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1717088616
age: 1177
x-guploader-uploadid: ABPtcPo_CIim7Y0r5-hf5gC-HkmWROb9NsflD86WzqhMtYLa_wSEJZZnhZSQJAu72jPf63YKl2g
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539665
last-modified: Fri, 31 May 2024 15:05:27 GMT
server: UploadServer
etag: "53c50875676a6397fa09dd33d79e077e"
x-frame-options: DENY
x-goog-generation: 1717088660448943
x-goog-hash: crc32c=YQX1Aw==, md5=U8UIdWdqY5f6Cd0z154Hfg==
content-type: image/png
cache-control: public,max-age=3600
x-goog-stored-content-length: 539665
accept-ranges: bytes

POST
H3 204 report-csp-violation
app.shine.fr/ 0
18 B 26ms
26ms Other
text/plain 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/report-csp-violation

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 02 Jun 2024 00:42:41 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 google
x-download-options: noopen
content-security-policy-report-only: connect-src 'self' https://api.shine.fr https://api.shine.fr wss://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://static.landbot.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://cdn.landbot.io https://fonts.cdnfonts.com; frame-ancestors 'none'; img-src 'self' data: blob: https://lipis.github.io https://firebasestorage.googleapis.com https://static.intercomassets.com; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /report-csp-violation; script-src 'self' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://static.landbot.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests
x-dns-prefetch-control: off
x-frame-options: DENY
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

POST
H2 200 installations Show response
firebaseinstallations.googleapis.com/v1/projects/shine-163816/ 617 B
673 B 373ms
372ms Fetch
application/json 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/shine-163816/installations

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cabc1bf89f2e959cf32985b0573682d9f10709f17a85cb8a001256f0d241f064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
x-firebase-client: eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjcuMjggZmlyZS1jb3JlLWVzbTIwMTcvMC43LjI4IGZpcmUtanMvIGZpcmUtanMtYWxsLWFwcC85LjkuMCBmaXJlLWlpZC8wLjUuMTIgZmlyZS1paWQtZXNtMjAxNy8wLjUuMTIgZmlyZS1yYy8wLjMuMTEgZmlyZS1yYy1lc20yMDE3LzAuMy4xMSIsImRhdGVzIjpbIjIwMjQtMDYtMDIiXX1dfQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://app.shine.fr/
x-goog-api-key: AIzaSyAFb38ulbWrpaDCOMxHwcjb2jVDTYvmzII
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.shine.fr
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 483
x-xss-protection: 0

OPTIONS
H2 200 installations
firebaseinstallations.googleapis.com/v1/projects/shine-163816/ Frame 0
0 110ms
39ms Preflight
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/shine-163816/installations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method: POST
Origin: https://app.shine.fr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.shine.fr
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 02 Jun 2024 00:42:42 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 v3 Show response
js.stripe.com/ 606 KB
148 KB 130ms
37ms Script
text/javascript 18.173.187.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/UploadContent-B0d3GlhG.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-127.muc50.r.cloudfront.net

Software

Cloudfront /

Resource Hash

82dd90922f348e8a948008c0bab8396c567366b2f283cf493d205fd5a53f5793

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:16 GMT
content-encoding: br
via: 1.1 b25ea630a0bc5820a6901f77047718fe.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 26
x-amz-cf-pop: MUC50-P4
x-cache: Hit from cloudfront
last-modified: Fri, 31 May 2024 20:47:50 GMT
server: Cloudfront
etag: W/"71bbfd938024c0d609c09d8d2514ad8c"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: HrBUSXpy7PDYEiXf7bxaQtcZFUoB_j9W5ZL_YiAHsD6MGynDJv6_yA==

POST
H3 204 report-csp-violation
app.shine.fr/ 0
18 B 27ms
27ms Other
text/plain 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/report-csp-violation

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/WithinAppLayoutRoutes-DhP5-5-5.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 google
x-download-options: noopen
content-security-policy-report-only: connect-src 'self' https://api.shine.fr https://api.shine.fr wss://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://static.landbot.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://cdn.landbot.io https://fonts.cdnfonts.com; frame-ancestors 'none'; img-src 'self' data: blob: https://lipis.github.io https://firebasestorage.googleapis.com https://static.intercomassets.com; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /report-csp-violation; script-src 'self' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://static.landbot.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests
x-dns-prefetch-control: off
x-frame-options: DENY
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 connect.js Show response
connect-js.stripe.com/v1.0/ 4 MB
1007 KB 1225ms
1139ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://connect-js.stripe.com/v1.0/connect.js

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/WithinAppLayoutRoutes-DhP5-5-5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

dd24d19ebb791d7d9302395466906e7b2cf64d814f8641bac5cd29fb410549eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sun, 02 Jun 2024 00:42:43 GMT
via: 1.1 varnish
age: 1
x-cache: MISS
content-length: 1030754
x-request-id: 1ceab71b-f874-489f-a705-8f51348ab5b2
x-served-by: cache-ams21036-AMS
server: Fastly
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

GET
H2 200 sdk.2e71e718a23e7508c6fd8cc0f241e61f88b3b14b.js Show response
sdk.privacy-center.org/sdk/2e71e718a23e7508c6fd8cc0f241e61f88b3b14b/modern/ 341 KB
88 KB 39ms
39ms Script
application/javascript 2600:9000:225b:1800:5:b7cc:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/sdk/2e71e718a23e7508c6fd8cc0f241e61f88b3b14b/modern/sdk.2e71e718a23e7508c6fd8cc0f241e61f88b3b14b.js
Requested by: Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/5b58c4e5-abc4-40d7-bf7d-fb1387527333/loader.js?target=app.shine.fr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:1800:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba726e356845a48bfcc05fadd025f9216a265dff5eab6847e3f869bfd5f89a60

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 09:34:10 GMT
content-encoding: br
via: 1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
last-modified: Wed, 29 May 2024 09:33:44 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P1
age: 313713
etag: W/"dfa3b0d8d8b446631760bbdbd2716b59-1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: xkj26sssF4fHcPHXGDbAqVja2wf8ZsZrBxwCsdmmc4BPE2l7xxxrVg==

GET
H2 200 controller-with-preconnect-e9cc61a01edd16da406e3864612b9bfb.html
js.stripe.com/v3/ Frame C371 0
0 97ms
36ms Document
text/html 18.173.187.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-e9cc61a01edd16da406e3864612b9bfb.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.50 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-50.muc50.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Referer: https://app.shine.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 36
cache-control: max-age=60, stale-while-revalidate=900
content-length: 391
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 02 Jun 2024 00:42:17 GMT
etag: "e9cc61a01edd16da406e3864612b9bfb"
last-modified: Fri, 31 May 2024 20:03:54 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 541abc390c35db77f7d121c96f0661ec.cloudfront.net (CloudFront)
x-amz-cf-id: ugw8HexUX0-cxJbjVPaaJPpHoFg6i2BqQqsFBGO64tYUKBMdJjsIrg==
x-amz-cf-pop: MUC50-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 ui-gdpr-en-web.2e71e718a23e7508c6fd8cc0f241e61f88b3b14b.js Show response
sdk.privacy-center.org/sdk/2e71e718a23e7508c6fd8cc0f241e61f88b3b14b/modern/ 265 KB
55 KB 36ms
35ms Script
application/javascript 18.66.192.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/sdk/2e71e718a23e7508c6fd8cc0f241e61f88b3b14b/modern/ui-gdpr-en-web.2e71e718a23e7508c6fd8cc0f241e61f88b3b14b.js
Requested by: Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/2e71e718a23e7508c6fd8cc0f241e61f88b3b14b/modern/sdk.2e71e718a23e7508c6fd8cc0f241e61f88b3b14b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.192.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-192-42.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dd3b0a748465f202b3b29fe38989c8e0b913243352c28c45c4184338b96b1044

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 09:34:13 GMT
content-encoding: br
via: 1.1 47755cdb8b36419a04f12ee3c24f7fae.cloudfront.net (CloudFront)
last-modified: Wed, 29 May 2024 09:33:47 GMT
server: AmazonS3
age: 313710
x-amz-cf-pop: MUC50-P1
etag: W/"d7720d5a860457ce2e727b406ce7b4bd-1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: LVbEGXdbgdONKmxg-XX4vJVl2tx8MurLJSKXRM7n0q3a5KrBLegUJg==

OPTIONS
H2 204 events
api.privacy-center.org/v1/ Frame 0
0 132ms
42ms Preflight 2600:9000:225b:a200:d:2044:5c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.privacy-center.org/v1/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:a200:d:2044:5c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-requested-with
Access-Control-Request-Method: POST
Origin: https://app.shine.fr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
date: Sun, 02 Jun 2024 00:42:42 GMT
vary: Access-Control-Request-Headers
via: 1.1 fb542039f97bb702c0e68d2142c449aa.cloudfront.net (CloudFront)
x-amz-cf-id: Z155sJunP0VlDoU3yZNDkTEnP7fD5GrB-UF2sLobQPGGOS2ojnESMg==
x-amz-cf-pop: MUC50-P1
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H3 204 report-csp-violation
app.shine.fr/ 0
18 B 27ms
27ms Other
text/plain 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/report-csp-violation

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 google
x-download-options: noopen
content-security-policy-report-only: connect-src 'self' https://api.shine.fr https://api.shine.fr wss://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://static.landbot.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://cdn.landbot.io https://fonts.cdnfonts.com; frame-ancestors 'none'; img-src 'self' data: blob: https://lipis.github.io https://firebasestorage.googleapis.com https://static.intercomassets.com; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /report-csp-violation; script-src 'self' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://static.landbot.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests
x-dns-prefetch-control: off
x-frame-options: DENY
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

POST
H2 204 events Show response
api.privacy-center.org/v1/ 0
567 B 52ms
52ms XHR
text/plain 2600:9000:225b:a200:d:2044:5c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.privacy-center.org/v1/events

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225b:a200:d:2044:5c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://app.shine.fr/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 fb542039f97bb702c0e68d2142c449aa.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
surrogate-control: no-store
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"4-K+iMpCQsduglOsYkdIUQZQMtaDM"
x-download-options: noopen
allow: POST
vary: Accept
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-didomi-version: adde6747
x-frame-options: SAMEORIGIN
x-amz-cf-id: yitkWuroyYDziDW_O261rdEathVWdo_RkVHt3COT4r9GUMtogomvog==
expires: 0

OPTIONS
H2 204 events
api.privacy-center.org/v1/ Frame 0
0 49ms
49ms Preflight 2600:9000:225b:a200:d:2044:5c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.privacy-center.org/v1/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:a200:d:2044:5c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-requested-with
Access-Control-Request-Method: POST
Origin: https://app.shine.fr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
date: Sun, 02 Jun 2024 00:42:42 GMT
vary: Access-Control-Request-Headers
via: 1.1 fb542039f97bb702c0e68d2142c449aa.cloudfront.net (CloudFront)
x-amz-cf-id: rhaTxAD_UPHUouB2tBrODvHSHEP3lEww8e7RTUZV5DeG1NWhYGDU-g==
x-amz-cf-pop: MUC50-P1
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H2 204 events Show response
api.privacy-center.org/v1/ 0
569 B 59ms
59ms XHR
text/plain 2600:9000:225b:a200:d:2044:5c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.privacy-center.org/v1/events

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225b:a200:d:2044:5c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://app.shine.fr/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 fb542039f97bb702c0e68d2142c449aa.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
surrogate-control: no-store
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
etag: W/"4-K+iMpCQsduglOsYkdIUQZQMtaDM"
x-download-options: noopen
allow: POST
vary: Accept
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-didomi-version: adde6747
x-frame-options: SAMEORIGIN
x-amz-cf-id: YRO3AG5VLq9Gm3vrWDJCzAMraruZN2LUFy5QhM4-zN_KZvhYhTxB2A==
expires: 0

POST
H3 204 report-csp-violation
app.shine.fr/ 0
18 B 27ms
26ms Other
text/plain 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/report-csp-violation

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 google
x-download-options: noopen
content-security-policy-report-only: connect-src 'self' https://api.shine.fr https://api.shine.fr wss://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://static.landbot.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://cdn.landbot.io https://fonts.cdnfonts.com; frame-ancestors 'none'; img-src 'self' data: blob: https://lipis.github.io https://firebasestorage.googleapis.com https://static.intercomassets.com; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /report-csp-violation; script-src 'self' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://static.landbot.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests
x-dns-prefetch-control: off
x-frame-options: DENY
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 shine-logo.svg
www.shine.fr/images/ 4 KB
2 KB 121ms
34ms Image
image/svg+xml 2a05:d014:58f:6200::64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.shine.fr/images/shine-logo.svg

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:58f:6200::64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

007e9b329f340080797ea4c728430fc5f3ad7533c7caccf201540902c2f5fc75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nf-request-id: 01HZB6C2GHA54H73TAXKNVY0TJ
date: Sun, 02 Jun 2024 00:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 114622
content-length: 1913
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
cache-status: "Netlify Edge"; hit
etag: "7f08a7bd0be9df7098f1826e808314b2-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

OPTIONS
H2 200 firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/shine-163816/namespaces/ Frame 0
0 46ms
32ms Preflight
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/shine-163816/namespaces/firebase:fetch?key=AIzaSyAFb38ulbWrpaDCOMxHwcjb2jVDTYvmzII

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,if-none-match
Access-Control-Request-Method: POST
Origin: https://app.shine.fr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-encoding,content-type,if-none-match
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.shine.fr
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 02 Jun 2024 00:42:42 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 firebase:fetch Show response
firebaseremoteconfig.googleapis.com/v1/projects/shine-163816/namespaces/ 3 KB
1 KB 251ms
251ms Fetch
application/json 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/shine-163816/namespaces/firebase:fetch?key=AIzaSyAFb38ulbWrpaDCOMxHwcjb2jVDTYvmzII

Requested by

Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a34e049656923e67f84c80479a8f3358e9e6c2eef20da2bd27374b4dde867995

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Content-Encoding: gzip
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://app.shine.fr/
If-None-Match: *
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 00:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
etag: etag-shine-163816-firebase-fetch--1100440420
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.shine.fr
access-control-expose-headers: etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 845
x-xss-protection: 0

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame CBD3 0
0 35ms
35ms Document
text/html 18.173.187.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.50 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-50.muc50.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Referer: https://app.shine.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3557
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 01 Jun 2024 23:43:27 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Thu, 30 May 2024 20:04:59 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 541abc390c35db77f7d121c96f0661ec.cloudfront.net (CloudFront)
x-amz-cf-id: GUEBB8DUZYeGWQHFjXIxL_AmNRpk6QhFqNp17Y3ZAt2CvCPsum5chw==
x-amz-cf-pop: MUC50-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 e6lrdjky Show response
widget.intercom.io/widget/ 7 KB
3 KB 116ms
42ms Script
application/javascript 54.230.228.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/e6lrdjky
Requested by: Host: app.shine.fr
URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.228.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-228-89.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 818b15814b8ba5895a1e882ae38a245fa6509ee47d6efff9b185a0d3cf8620ef

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: FbhP3oeQl9B308GrjsB9RMYa56l0YYoN
content-encoding: gzip
via: 1.1 7b7e33ce27dedf9c28b39ecc0309b556.cloudfront.net (CloudFront)
date: Sun, 02 Jun 2024 00:40:05 GMT
x-amz-cf-pop: MUC50-P5
age: 160
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2670
last-modified: Fri, 31 May 2024 11:01:57 GMT
server: AmazonS3
etag: "b3a428ce25dfe6e42afbb44419b37fed"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=300, s-maxage=300, public
accept-ranges: bytes
x-amz-cf-id: YNXGAWiaCpIrKSlU2QYn526aaeQMbUExTgM1_H-LcikJplbtr4iHJQ==

GET
H2 200 accessory_layer_09c91f6147d78c61c87e.html
connect-js.stripe.com/ Frame 79A0 0
0 59ms
20ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://connect-js.stripe.com/accessory_layer_09c91f6147d78c61c87e.html

Requested by

Host: connect-js.stripe.com
URL: https://connect-js.stripe.com/v1.0/connect.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://errors.stripe.com https://api.stripe.com; default-src 'none'; font-src data: https:; form-action 'none'; frame-src 'self' https://js.stripe.com https://verify.stripe.com https://dashboard.stripe.com https://b.stripecdn.com; img-src 'self' blob: https://stripe-images.s3.amazonaws.com https://stripe-images.s3.us-west-1.amazonaws.com https://files.stripe.com https://issuing-card-assets-us-west-2-prod.s3.us-west-2.amazonaws.com; script-src 'self' https://js.stripe.com; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Referer: https://app.shine.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 93796
cache-control: max-age=31536000, public
content-encoding: br
content-length: 174
content-security-policy: base-uri 'none'; connect-src 'self' https://errors.stripe.com https://api.stripe.com; default-src 'none'; font-src data: https:; form-action 'none'; frame-src 'self' https://js.stripe.com https://verify.stripe.com https://dashboard.stripe.com https://b.stripecdn.com; img-src 'self' blob: https://stripe-images.s3.amazonaws.com https://stripe-images.s3.us-west-1.amazonaws.com https://files.stripe.com https://issuing-card-assets-us-west-2-prod.s3.us-west-2.amazonaws.com; script-src 'self' https://js.stripe.com; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sun, 02 Jun 2024 00:42:44 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 22
x-content-type-options: nosniff
x-request-id: 1b53220b-6038-47df-b3af-52f91d4df509
x-served-by: cache-ams21055-AMS

POST
H3 204 report-csp-violation
app.shine.fr/ 0
18 B 26ms
25ms Other
text/plain 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/report-csp-violation

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sun, 02 Jun 2024 00:42:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 google
x-download-options: noopen
content-security-policy-report-only: connect-src 'self' https://api.shine.fr https://api.shine.fr wss://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://static.landbot.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://cdn.landbot.io https://fonts.cdnfonts.com; frame-ancestors 'none'; img-src 'self' data: blob: https://lipis.github.io https://firebasestorage.googleapis.com https://static.intercomassets.com; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /report-csp-violation; script-src 'self' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://static.landbot.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests
x-dns-prefetch-control: off
x-frame-options: DENY
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 frame-modern.535d6e8b.js Show response
js.intercomcdn.com/ Frame F996 460 KB
138 KB 210ms
110ms Script
application/javascript 18.173.187.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame-modern.535d6e8b.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/e6lrdjky

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-121.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bb47f19613d341d00d0f3379cf0f89f3e04462ea0265ae21fba2f1aae55176fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 6660Cqdc6azqBi_zf_1_MlpSi5MvW6q2
content-encoding: gzip
via: 1.1 5f2f5e879d7e38fec917517376aca8bc.cloudfront.net (CloudFront)
date: Sat, 01 Jun 2024 23:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MUC50-P4
age: 6046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 140947
last-modified: Fri, 31 May 2024 10:58:39 GMT
server: AmazonS3
etag: "c2610c2cf1b9cabb0631343d576ea046"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: B3_gLIEvQzk7CF8JAs0qVUr6vCZbJxjXGgb5OeFT9FNJnAAWyB66Pw==

GET
H2 200 vendor-modern.1a13b382.js Show response
js.intercomcdn.com/ Frame F996 492 KB
153 KB 135ms
36ms Script
application/javascript 18.173.187.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor-modern.1a13b382.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/e6lrdjky

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-121.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0994a3d3661344684acec971fc82154a4605c4b2bbd4a95a6c065140dff7811f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 7TzMVquNufeLPqAioEI3AnR_4COuk_VE
content-encoding: gzip
via: 1.1 5f2f5e879d7e38fec917517376aca8bc.cloudfront.net (CloudFront)
date: Sat, 01 Jun 2024 23:47:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MUC50-P4
age: 3293
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 155543
last-modified: Wed, 29 May 2024 17:03:40 GMT
server: AmazonS3
etag: "82b135e7f918556124285c160cf4be1e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: x3VrBo639CMc-gENx-BwElzjr6ZlpnlQwpvrsegOY3M8LiVYhW1SXQ==

GET
H3 200 favicon-32x32.png
app.shine.fr/ 1006 B
1 KB 20ms
19ms Other
image/png 35.190.91.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shine.fr/favicon-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.91.146 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

146.91.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

c7b3b22856820b6f363e4d4c96964802fd4bbe3e1aa7adc3887d98d5e2f87c81

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://app.shine.fr/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 23:49:54 GMT
content-security-policy: upgrade-insecure-requests
x-goog-meta-goog-reserved-file-mtime: 1714063744
age: 3170
x-guploader-uploadid: ABPtcPrD-hVMsDpIwB7LZkPsvGl-3wKSxnIearGTueWK2AERTMLCkICOuyLu0ULA7z7_2B2ukNJKGVwGVQ
content-security-policy-report-only: connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com; frame-src https://js.stripe.com/ https://tr.snapchat.com/; media-src https://js.intercomcdn.com; report-uri /report-csp-violation; object-src 'none'; frame-ancestors 'none';
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1006
last-modified: Fri, 31 May 2024 15:05:30 GMT
server: UploadServer
etag: "686b80461fe8516feb9bcaf5d533a3b7"
x-frame-options: DENY
x-goog-generation: 1714063854148066
x-goog-hash: crc32c=BzR7lw==, md5=aGuARh/oUW/rm8r11TOjtw==
content-type: image/png
cache-control: public,max-age=3600
x-goog-stored-content-length: 1006
accept-ranges: bytes

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame F996 10 KB
3 KB 727ms
532ms XHR
application/json 54.225.73.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.535d6e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.225.73.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-225-73-111.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d58e60ae717988e61dcdabb528b1a7b2419473f411b30f2a0ff26bdedcd89a25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 02 Jun 2024 00:42:45 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-09a36a6c62f211f17
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 002506ls8jjhfvbnkds0
x-runtime: 0.434107
server: nginx
etag: W/"d58e60ae717988e61dcdabb528b1a7b2"
x-request-queueing: 0
vary: Accept,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.shine.fr
x-intercom-version: d9c89b16d3eebf2a6a0a2a109765d02b4306ac01
access-control-expose-headers: x-request-id
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

GET
H2 200 vendors~locale-fr-json-modern.c750ddf3.js Show response
js.intercomcdn.com/ Frame F996 34 KB
10 KB 32ms
31ms Script
application/javascript 18.173.187.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendors~locale-fr-json-modern.c750ddf3.js

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.535d6e8b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-121.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d646e3dd9b283a3338bb466126cb371574ce9bbfeb7496efa555383ec7bd8206

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: dFagL6FSEB6iZkp.dTnNwTlWJQVgrQ97
content-encoding: gzip
via: 1.1 5f2f5e879d7e38fec917517376aca8bc.cloudfront.net (CloudFront)
date: Sat, 01 Jun 2024 23:41:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MUC50-P4
age: 3861
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 9448
last-modified: Wed, 29 May 2024 17:03:41 GMT
server: AmazonS3
etag: "02294db0a4c68c73da62960e530b30ae"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: nfJT7X8I-38EEJ0x0gDZkP0ii2eufU4UXBRM0QQgc_SOzE0xFA1ltg==

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.shine.fr/	1970-01-21 01:25:03	Name: didomi_token Value: eyJ1c2VyX2lkIjoiMThmZDY2NjAtOTNmMC02M2ViLTg5NjItNmJjMzI0NzhhZjAzIiwiY3JlYXRlZCI6IjIwMjQtMDYtMDJUMDA6NDI6NDIuMzY3WiIsInVwZGF0ZWQiOiIyMDI0LTA2LTAyVDAwOjQyOjQyLjM2N1oiLCJ2ZXJzaW9uIjpudWxsfQ==
m.stripe.com/	1970-01-21 06:37:28	Name: m Value: 433e9744-0c87-47fb-840f-a7d3f26d96f2ce2c9d
.app.shine.fr/	1970-01-21 05:47:04	Name: __stripe_mid Value: f05003f8-6099-4f9c-88f2-23e17a3d5e32b8fc3f
.app.shine.fr/	1970-01-20 21:01:30	Name: __stripe_sid Value: af3d950c-3468-4372-94bf-5160cd62c14bd4633c
.shine.fr/	1970-01-21 03:30:18	Name: intercom-id-e6lrdjky Value: c32a94da-f0fd-4c52-833c-6ead8ee27a0d
.shine.fr/	1970-01-20 21:11:33	Name: intercom-session-e6lrdjky Value:
.shine.fr/	1970-01-21 03:30:18	Name: intercom-device-id-e6lrdjky Value: 45000108-3c90-441f-aabe-440bee81a508

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js(Line 43) Message: [Report Only] Refused to connect to 'https://firebaseinstallations.googleapis.com/v1/projects/shine-163816/installations' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com".
security	error	URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js(Line 43) Message: [Report Only] Refused to connect to 'https://firebaseinstallations.googleapis.com/v1/projects/shine-163816/installations' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com".
security	error	URL: https://app.shine.fr/assets/WithinAppLayoutRoutes-DhP5-5-5.js(Line 804) Message: [Report Only] Refused to load the script 'https://connect-js.stripe.com/v1.0/connect.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://connect.facebook.net https://sdk.privacy-center.org https://bat.bing.com https://www.googletagmanager.com https://www.redditstatic.com https://websdk.appsflyer.com https://sc-static.net https://shine.script.admo.tv https://snap.licdn.com https://www.clarity.ms https://canny.io". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js(Line 58) Message: [Report Only] Refused to connect to 'https://api.privacy-center.org/v1/events' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com".
security	error	URL: https://app.shine.fr/assets/vendor-hZ73KDyC.js(Line 58) Message: [Report Only] Refused to connect to 'https://api.privacy-center.org/v1/events' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.shine.fr wss://api.shine.fr https://o1089553.ingest.sentry.io https://api.segment.io https://www.google.com https://googleads.g.doubleclick.net https://wa.appsflyer.com https://www.googleapis.com https://firebasestorage.googleapis.com https://securetoken.googleapis.com https://firebaseremoteconfig.googleapis.com https://api.onfido.com wss://sync.onfido.com https://telephony.onfido.com https://widget.intercom.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://shinetools.typeform.com https://cdn.segment.com https://*.clarity.ms https://shine.script.admo.tv https://www.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://bat.bing.com https://tr.snapchat.com https://shine.admo.tv https://pagead2.googlesyndication.com https://region1.analytics.google.com".
security	error	URL: https://app.shine.fr/ Message: [Report Only] Refused to load the image 'https://www.shine.fr/images/shine-logo.svg' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://lipis.github.io https://images.prismic.io https://firebasestorage.googleapis.com https://static.intercomassets.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://alb.reddit.com".
security	error	URL: https://connect-js.stripe.com/ Message: [Report Only] Refused to frame 'https://connect-js.stripe.com/' because it violates the following Content Security Policy directive: "frame-src https://js.stripe.com/ https://tr.snapchat.com/".
security	error	URL: https://connect-js.stripe.com/ Message: [Report Only] Refused to frame 'https://connect-js.stripe.com/' because it violates the following Content Security Policy directive: "frame-src https://js.stripe.com/ https://tr.snapchat.com/".
other	warning	URL: https://app.shine.fr/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.privacy-center.org
api.shine.fr
app.shine.fr
connect-js.stripe.com
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
js.intercomcdn.com
js.stripe.com
o1089553.ingest.sentry.io
sdk.privacy-center.org
widget.intercom.io
www.shine.fr
151.101.0.176
18.173.187.121
18.173.187.127
18.173.187.50
18.66.192.42
2600:9000:225b:1800:5:b7cc:d3c0:93a1
2600:9000:225b:a200:d:2044:5c40:93a1
2a00:1450:4001:80e::200a
2a00:1450:4001:812::200a
2a05:d014:58f:6200::64
34.117.112.165
34.120.195.249
35.190.91.146
54.225.73.111
54.230.228.89
007e9b329f340080797ea4c728430fc5f3ad7533c7caccf201540902c2f5fc75
096fa1a7935e03a375c686a18fafa2a380f5dee72b2d77d2702812642a9ace1d
0994a3d3661344684acec971fc82154a4605c4b2bbd4a95a6c065140dff7811f
0acfbfdfca5f089367ae935b7f088284430094ce11ac293aece58cf2169cc402
1c652baa385b4311f472a9c388a1cf42b3a36bd3f8d900d18a82c8c67a2d4454
208a80a2df89cea0ea49c679974c328130427539d183cec84b555e76a8c39a15
2632121835a345c64e72f2bf0f9c429e35656b077c9c961729a1a3e0150ba7bf
3ee9bad98b3ff943c379284c97e046910b4866e8531a5ea06c6cbff2bf57c64e
3fa77d143ff94e5843ae8691be10e9a058a2c190620c2f190810196342d433f9
432bfbf2c23dbe77fd1ba65f127fcf5ff497190450728c9e62459eed965f0930
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
503cd1b7735f54768cd262c1552b98c4b98c3588abd519ab1fc639305698f554
818b15814b8ba5895a1e882ae38a245fa6509ee47d6efff9b185a0d3cf8620ef
82dd90922f348e8a948008c0bab8396c567366b2f283cf493d205fd5a53f5793
8367d7ee47b49051fa77af4e6fc50279b048eb82298f9a5e87ec9cac77c1925c
8743067cfaa990b92e9cc7b8b10185e1b3e71834af67f4dd1ea8684c84f6a87b
8da8f838f99e37560dfdd548864ecb28c7cdff0727eca76151a29972993421c0
95be5b5404f063739886fd6a5d3dc67a6a56866b5dfa132f538dd1ac4ec9bfb6
a34e049656923e67f84c80479a8f3358e9e6c2eef20da2bd27374b4dde867995
a5bbb51248ac45f7c0dc9be0dc78ea17dad6152511801dd466d8e050e308d8b1
ba726e356845a48bfcc05fadd025f9216a265dff5eab6847e3f869bfd5f89a60
bb47f19613d341d00d0f3379cf0f89f3e04462ea0265ae21fba2f1aae55176fa
c00fb62623e5a6fdb26de7425f2a07d8f6cbe689aed3fc426ca0457171ce2c23
c7b3b22856820b6f363e4d4c96964802fd4bbe3e1aa7adc3887d98d5e2f87c81
cabc1bf89f2e959cf32985b0573682d9f10709f17a85cb8a001256f0d241f064
d58e60ae717988e61dcdabb528b1a7b2419473f411b30f2a0ff26bdedcd89a25
d646e3dd9b283a3338bb466126cb371574ce9bbfeb7496efa555383ec7bd8206
dd24d19ebb791d7d9302395466906e7b2cf64d814f8641bac5cd29fb410549eb
dd3b0a748465f202b3b29fe38989c8e0b913243352c28c45c4184338b96b1044
e29f66709ddc4d4a19c526ad09307df02033f2f2e64344facfd6290a17d4a21e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5760c6e45df947ed62c1cdaec98a1a7ff56eec1d84c9d517b20a48020993dc2

app.shine.fr Open in urlscan Pro 35.190.91.146 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

44 Requests

100 %HTTPS

33 %IPv6

7 Domains

13 Subdomains

16 IPs

2 Countries

4532 kBTransfer

15874 kBSize

7 Cookies

4 Outgoing links

Page URL History

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

app.shine.fr Open in urlscan Pro
35.190.91.146 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

100 %
HTTPS

33 %
IPv6

7
Domains

13
Subdomains

16
IPs

2
Countries

4532 kB
Transfer

15874 kB
Size

7
Cookies

44 HTTP transactions
2 data transactions