urlscan.io logo urlscan.io
SecurityTrails logo

a1wechat-iaccount-dev.roche.com.cn Open in urlscan Pro
2606:4700::6812:3c1  Public Scan

Go To Rescan Add Verdict Report
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Submission: On July 17 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 24 HTTP transactions. The main IP is 2606:4700::6812:3c1, located in United States and belongs to CLOUDFLARENET, US. The main domain is a1wechat-iaccount-dev.roche.com.cn.
TLS certificate: Issued by E5 on July 17th 2024. Valid for: 3 months.
This is the only time a1wechat-iaccount-dev.roche.com.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 2606:4700::68... 13335 (CLOUDFLAR...)
2 2404:2280:1cc... 24429 (TAOBAO Zh...)
3 61.170.79.229 4812 (CHINANET-...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
24 4
Apex Domain
Subdomains		 Transfer
19 roche.com.cn
a1wechat-iaccount-dev.roche.com.cn
a1wechat-gateway-test.roche.com.cn
659 KB
3 smartmice.cn
spkg.smartmice.cn
2 KB
2 alicdn.com
at.alicdn.com — Cisco Umbrella Rank: 12488
60 KB
24 3
Domain Requested by
17 a1wechat-iaccount-dev.roche.com.cn a1wechat-iaccount-dev.roche.com.cn
3 spkg.smartmice.cn
2 a1wechat-gateway-test.roche.com.cn
2 at.alicdn.com a1wechat-iaccount-dev.roche.com.cn
24 4

This site contains no links.

Subject Issuer Validity Valid
a1wechat-iaccount-dev.roche.com.cn
E5		 2024-07-17 -
2024-10-15		 3 months crt.sh
*.tbcdn.cn
GlobalSign Organization Validation CA - SHA256 - G3		 2024-06-19 -
2025-07-21		 a year crt.sh
*.smartmice.cn
GeoTrust CN RSA CA G1		 2023-09-18 -
2024-10-12		 a year crt.sh
a1wechat-gateway-test.roche.com.cn
E6		 2024-07-17 -
2024-10-15		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://a1wechat-iaccount-dev.roche.com.cn/
Frame ID: DB011F90C497756146EC82429D278D2D
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

会引擎 - 登录

Page Statistics

24
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

721 kB
Transfer

2926 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
a1wechat-iaccount-dev.roche.com.cn/ 		4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1622bd5c4e2f5dc7a7e18f7785482034b418985221b57b000a9c07a3953deb61
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8a4a90335e0a1c30-FRA
content-encoding
br
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
content-type
text/html; charset=utf-8
date
Wed, 17 Jul 2024 13:26:22 GMT
expect-staple
max-age=3600; includeSubDomains
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
0.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
40 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/0.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-268b8"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90386d391c30-FRA
1.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
51 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/1.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-3dad3"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90386d3d1c30-FRA
10.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/10.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-6397"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d401c30-FRA
2.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/2.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-5d52"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d4c1c30-FRA
3.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/3.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-7c9f"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d4f1c30-FRA
4.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/4.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-7572"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d501c30-FRA
5.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/5.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-8049"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d541c30-FRA
6.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/6.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-77c3"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d5a1c30-FRA
7.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/7.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-7391"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d5c1c30-FRA
8.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/8.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-76af"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d5e1c30-FRA
9.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		0
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/9.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-6638"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90387d601c30-FRA
app.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		54 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/app.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bbe6ba0a709495e43c3cf2e33585796326b85782c0d803ff7c35817179f89c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-d9f4"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90386d3c1c30-FRA
chunk-vendors.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		2 MB
481 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/chunk-vendors.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65a10fe26e173234ba152c1de6d6557884777ded6adebca36327f7a38fbe0f3e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:25 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-2647d4"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90386d3e1c30-FRA
font_1121813_zl9htz2f6a.js
at.alicdn.com/t/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://at.alicdn.com/t/font_1121813_zl9htz2f6a.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:1cc:0:715::3fb , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
f1e48d1e67af71b8556a87092d46aaeb18d7cd0077fc8e81246a0f7a17d75b7a

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 10:29:09 GMT
via
cache4.l2de2[409,409,200-0,M], cache25.l2de2[410,0], ens-cache10.de5[0,0,200-0,H], ens-cache6.de5[1,0]
content-encoding
gzip
x-oss-request-id
66979CF5B0967731315D1634
content-md5
87wzTzZC8Bdlg6xg9TPCMw==
age
10633
x-swift-cachetime
63072000
x-cache
HIT TCP_HIT dirn:11:219247632
x-swift-savetime
Wed, 17 Jul 2024 10:29:09 GMT
x-oss-object-type
Normal
last-modified
Fri, 24 Dec 2021 10:46:42 GMT
server
Tengine
etag
W/"F3BC334F3642F0176583AC60F533C233"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Origin
ali-swift-global-savetime
1721212149
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=63072000
x-oss-storage-class
Standard
timing-allow-origin
*
x-oss-hash-crc64ecma
17827543646793160965
eagleid
a3b55c9a17212227828401231e
x-oss-server-time
35
font_1561333_cwptbrlmi8.js
at.alicdn.com/t/ 		156 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://at.alicdn.com/t/font_1561333_cwptbrlmi8.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:1cc:0:715::3fb , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
8d834c70f11a1b6daca14c599acf19fb52834d88657e169836366769d5fcf2d8

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 10:29:09 GMT
via
cache20.l2de2[459,459,200-0,M], cache20.l2de2[461,0], ens-cache7.de5[0,0,200-0,H], ens-cache6.de5[2,0]
content-encoding
gzip
x-oss-request-id
66979CF5FC091B333177CD53
content-md5
jffk62ZsPnTAeEQ2LJ4b8A==
age
10633
x-swift-cachetime
63072000
x-cache
HIT TCP_HIT dirn:11:496490068
x-swift-savetime
Wed, 17 Jul 2024 10:29:09 GMT
x-oss-object-type
Normal
last-modified
Fri, 24 Dec 2021 16:22:00 GMT
server
Tengine
etag
W/"8DF7E4EB666C3E74C07844362C9E1BF0"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Origin
ali-swift-global-savetime
1721212149
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=63072000
x-oss-storage-class
Standard
timing-allow-origin
*
x-oss-hash-crc64ecma
10220048535759196096
eagleid
a3b55c9a17212227829121599e
x-oss-server-time
66
base.json
spkg.smartmice.cn/configuration/iapp-config/null/development/ 		413 B
609 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://spkg.smartmice.cn/configuration/iapp-config/null/development/base.json?rnd=1721222787061
Requested by
Host:
URL: webpack:///./node_modules/smart-core-util/lib/index.umd.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.170.79.229 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS
229.79.170.61.broad.xw.sh.dynamic.163data.com.cn
Software
Tengine /
Resource Hash
c4571d6bff40e355be4bb473608d21c1b8e5a9d7d60d00dbfecfe44528cc78ad

Request headers

Accept
application/json, text/plain, */*
Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:29 GMT
via
cache36.l2cn3008[112,112,404-1280,M], cache27.l2cn3008[113,0], ens-cache16.cn6011[155,155,404-1280,M], ens-cache10.cn6011[157,0]
x-oss-request-id
6697C685E38C983834198FCD
x-swift-error
orig response 4XX error
x-swift-cachetime
1
x-cache
MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth
success
x-swift-savetime
Wed, 17 Jul 2024 13:26:29 GMT
content-length
413
server
Tengine
access-control-max-age
0
access-control-allow-methods
GET, POST, HEAD
content-type
application/xml
access-control-allow-origin
*
ali-swift-global-savetime
1721222789
x-oss-ec
0026-00000001
timing-allow-origin
*
eagleid
3daa4f1e17212227889671718e
x-oss-server-time
7
routerQueue.json
spkg.smartmice.cn/configuration/iapp-config/null/development/ 		420 B
608 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://spkg.smartmice.cn/configuration/iapp-config/null/development/routerQueue.json?rnd=1721222787061
Requested by
Host:
URL: webpack:///./node_modules/smart-core-util/lib/index.umd.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.170.79.229 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS
229.79.170.61.broad.xw.sh.dynamic.163data.com.cn
Software
Tengine /
Resource Hash
6f7504216af8c5720138ff4a1ce673eaf1e310337ddddb94990976f21dc61dd9

Request headers

Accept
application/json, text/plain, */*
Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:29 GMT
via
cache67.l2cn3008[13,12,404-1280,M], cache56.l2cn3008[14,0], ens-cache10.cn6011[70,70,404-1280,M], ens-cache10.cn6011[73,0]
x-oss-request-id
6697C685AB8D9037327BF9F4
x-swift-error
orig response 4XX error
x-swift-cachetime
1
x-cache
MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth
success
x-swift-savetime
Wed, 17 Jul 2024 13:26:29 GMT
content-length
420
server
Tengine
access-control-max-age
0
access-control-allow-methods
GET, POST, HEAD
content-type
application/xml
access-control-allow-origin
*
ali-swift-global-savetime
1721222789
x-oss-ec
0026-00000001
timing-allow-origin
*
eagleid
3daa4f1e17212227889901814e
x-oss-server-time
2
uris.json
spkg.smartmice.cn/configuration/iapp-config/null/development/ 		413 B
918 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://spkg.smartmice.cn/configuration/iapp-config/null/development/uris.json?rnd=1721222787061
Requested by
Host:
URL: webpack:///./node_modules/smart-core-util/lib/index.umd.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.170.79.229 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS
229.79.170.61.broad.xw.sh.dynamic.163data.com.cn
Software
Tengine /
Resource Hash
e3c2428ba609ee8c5d617202375fc57f2dcdd190ba63aee11f1e7412fc7bea2a

Request headers

Accept
application/json, text/plain, */*
Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:29 GMT
via
cache74.l2cn3008[14,13,404-1280,M], cache14.l2cn3008[15,0], ens-cache1.cn6011[57,56,404-1280,M], ens-cache10.cn6011[58,0]
x-oss-request-id
6697C685DC8170353245933B
x-swift-error
orig response 4XX error
x-swift-cachetime
1
x-cache
MISS TCP_MISS dirn:-2:-2
x-oss-cdn-auth
success
x-swift-savetime
Wed, 17 Jul 2024 13:26:29 GMT
content-length
413
server
Tengine
access-control-max-age
0
access-control-allow-methods
GET, POST, HEAD
content-type
application/xml
access-control-allow-origin
*
ali-swift-global-savetime
1721222789
x-oss-ec
0026-00000001
timing-allow-origin
*
eagleid
3daa4f1e17212227889911818e
x-oss-server-time
2
favicon.ico
a1wechat-iaccount-dev.roche.com.cn/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:29 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-10be"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/x-icon
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90544a2f1c30-FRA
1.js
a1wechat-iaccount-dev.roche.com.cn/js/ 		247 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/js/1.js
Requested by
Host: a1wechat-iaccount-dev.roche.com.cn
URL: https://a1wechat-iaccount-dev.roche.com.cn/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af85f966a0e14494235d5486f7d4fb980d32dd9b1bbd124ffc6eefd7c71ad3a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/
Origin
https://a1wechat-iaccount-dev.roche.com.cn
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:24 GMT
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-3dad3"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90386d3d1c30-FRA
getsettings
a1wechat-gateway-test.roche.com.cn/api/tpm/cfg/ 		85 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://a1wechat-gateway-test.roche.com.cn/api/tpm/cfg/getsettings
Requested by
Host:
URL: webpack:///./node_modules/smart-core-util/lib/index.umd.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d286d9a6b924b9d95a89925dbe7f06bcdc4aeeb6bb9ce99b04339f59112ac915
Security Headers
Name Value
Content-Security-Policy object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://a1wechat-iaccount-dev.roche.com.cn/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Wed, 17 Jul 2024 13:26:31 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-security-policy
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
content-encoding
br
x-kong-proxy-latency
56
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
x-kong-upstream-latency
34
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://a1wechat-iaccount-dev.roche.com.cn
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
expect-staple
max-age=3600; includeSubDomains
access-control-allow-credentials
true
cf-ray
8a4a9068995d1951-FRA
getsettings
a1wechat-gateway-test.roche.com.cn/api/tpm/cfg/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://a1wechat-gateway-test.roche.com.cn/api/tpm/cfg/getsettings
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://a1wechat-iaccount-dev.roche.com.cn
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
https://a1wechat-iaccount-dev.roche.com.cn
access-control-max-age
86402
cf-cache-status
DYNAMIC
cf-ray
8a4a9062cf531951-FRA
content-security-policy
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
date
Wed, 17 Jul 2024 13:26:30 GMT
expect-staple
max-age=3600; includeSubDomains
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
favicon.ico
a1wechat-iaccount-dev.roche.com.cn/ 		4 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://a1wechat-iaccount-dev.roche.com.cn/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:3c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://a1wechat-iaccount-dev.roche.com.cn/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 13:26:29 GMT
content-security-policy
default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction": 0.15}
content-encoding
br
content-security-policy-report-only
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
feature-policy-report-only
geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 07:25:24 GMT
server
cloudflare
etag
W/"65f2a664-10be"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
content-type
image/x-icon
expect-staple
max-age=3600; includeSubDomains
cf-ray
8a4a90544a2f1c30-FRA

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill string| idomain

4 Cookies

Domain/Path Name / Value
.roche.com.cn/ Name: __cf_bm
Value: T1N4NHRwkEBoqL31K75de0w8ztZn9snTVZl2kVmXQRY-1721222782-1.0.1.1-GjmJNiRAYpb2k9R5_kCcMWcjTYPIBW8TAnPvQawEhSwctx_mRze6it7aODuNnqmlK0CY.edXUnN5Hl_U4H9doA
.roche.com.cn/ Name: __cfruid
Value: 021b0dc6724baa0de26673be61cda2dba136cd22-1721222782
.roche.com.cn/ Name: _cfuvid
Value: 5FopRALniI.J5FQ0HD24GyZXNKtgKZmvqIUxcsH6G.4-1721222782739-0.0.1.1-604800000
.roche.com.cn/ Name: Uris
Value: %7B%22Uris%22%3A%7B%7D%7D

6 Console Messages

Source Level URL
Text
security error URL: https://a1wechat-iaccount-dev.roche.com.cn/(Line 7)
Message:
The Content-Security-Policy directive name 'style-src*.alicdn.com*.roche.com.cn*.smartmice.cn'unsafe-inline'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security error URL: https://a1wechat-iaccount-dev.roche.com.cn/
Message:
[Report Only] Refused to load the script 'https://at.alicdn.com/t/font_1121813_zl9htz2f6a.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://a1wechat-iaccount-dev.roche.com.cn/
Message:
[Report Only] Refused to load the script 'https://at.alicdn.com/t/font_1561333_cwptbrlmi8.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network error URL: https://spkg.smartmice.cn/configuration/iapp-config/null/development/uris.json?rnd=1721222787061
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://spkg.smartmice.cn/configuration/iapp-config/null/development/routerQueue.json?rnd=1721222787061
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://spkg.smartmice.cn/configuration/iapp-config/null/development/base.json?rnd=1721222787061
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com;script-src 'self' *.roche.com.cn 'unsafe-inline' 'unsafe-eval' *.smartmice.cn *.wx.qq.com *.alicdn.com *.aliyuncs.com *.amap.com *.eventworld.cn;font-src 'self' data: *.alicdn.com *.yzcdn.cn;style-src 'self' *.example.com 'unsafe-inline' *.smartmice.cn *.amap.com;img-src 'self' data: blob: *.yzcdn.cn store.is.autonavi.com *.cn-north-1.amazonaws.com.cn *.s3.cn-north-1.amazonaws.com.cn *.amap.com *.oss-cn-hangzhou.aliyuncs.com *.oss-cn-shanghai.aliyuncs.com *.smartmice.cn;worker-src 'self' blob: *.amap.com;connect-src 'self' *.roche.com.cn *.aliyun.com *.aliyuncs.com *.smartmice.cn *.alicdn.com *.amap.com *.eventworld.cn;
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block