owasp.org Open in urlscan Pro
2606:4700:10::6816:1b4d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://owasp.org/www-project-web-security-testing-guide/
Submission: On November 07 via api (November 7th 2024, 4:35:18 pm UTC) from LU — Scanned from US

Summary HTTP 38 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 38 HTTP transactions. The main IP is 2606:4700:10::6816:1b4d, located in United States and belongs to CLOUDFLARENET, US. The main domain is owasp.org. The Cisco Umbrella rank of the primary domain is 196907.
TLS certificate: Issued by WE1 on September 26th 2024. Valid for: 3 months.

This is the only time owasp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:4700:10:... 2606:4700:10::6816:1b4d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:400d:c07::64	15169 (GOOGLE) (GOOGLE)
1	2606:50c0:800... 2606:50c0:8003::153	54113 (FASTLY) (FASTLY)
3	2606:4700:303... 2606:4700:3035::ac43:ad59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:a79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.199.109.154 185.199.109.154	54113 (FASTLY) (FASTLY)
1	140.82.114.5 140.82.114.5	36459 (GITHUB) (GITHUB)
38	7

29 2606:4700:10::6816:1b4d (United States)

ASN13335 (CLOUDFLARENET, US)

owasp.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::64 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8003::153 (United States)

ASN54113 (FASTLY, US)

buttons.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3035::ac43:ad59 (United States)

ASN13335 (CLOUDFLARENET, US)

img.shields.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:a79 (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.109.154 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-154.github.com

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.82.114.5 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-114-5-iad.github.com

api.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	owasp.org owasp.org — Cisco Umbrella Rank: 196907	1 MB
3	shields.io img.shields.io — Cisco Umbrella Rank: 43416	5 KB
2	licensebuttons.net licensebuttons.net — Cisco Umbrella Rank: 29952	744 B
1	github.com api.github.com — Cisco Umbrella Rank: 4389	3 KB
1	githubassets.com github.githubassets.com — Cisco Umbrella Rank: 9744	2 KB
1	github.io buttons.github.io — Cisco Umbrella Rank: 66070	7 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	21 KB
38	7

	Domain	Requested by
29	owasp.org	owasp.org
3	img.shields.io	owasp.org
2	licensebuttons.net	owasp.org
1	api.github.com	buttons.github.io
1	github.githubassets.com	owasp.org
1	buttons.github.io	owasp.org
1	www.google-analytics.com	owasp.org
38	7

This site contains links to these domains. Also see Links.

Domain
owasporg.atlassian.net
god.owasp.de
india.appsecdays.org
www.owaspbenelux.eu
lascon.org
members.owasp.org
owasp.us17.list-manage.com
www.youtube.com
creativecommons.org
github.com
twitter.com
www.lulu.com
lists.owasp.org
owasp-slack.herokuapp.com
app.slack.com
www.bionic.ai
www.microfocus.com
www.uobgroup.com
www.scitum.com.mx
www.securebrain.co.jp
www.backslash.security
promon.co
www.salesforce.com
www.tenable.com
teamsecure.io
www.facebook.com
infosec.exchange
www.linkedin.com

Subject Issuer	Validity	Valid
owasp.org WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.github.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-15` - `2025-03-14`	a year	crt.sh
shields.io WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
licensebuttons.net WE1	`2024-10-27` - `2025-01-25`	3 months	crt.sh
*.githubassets.com Sectigo RSA Domain Validation Secure Server CA	`2024-09-24` - `2025-09-24`	a year	crt.sh
*.github.com Sectigo ECC Domain Validation Secure Server CA	`2024-03-07` - `2025-03-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://owasp.org/www-project-web-security-testing-guide/
Frame ID: B93EEBF93A57F604F6E2151B1EE985EA
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OWASP Web Security Testing Guide | OWASP Foundation

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

38
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

1158 kB
Transfer

1498 kB
Size

0
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/7/create/70?src=-1419759666
Title: Start a New Project...

Search URL Search Domain Scan URL

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/8/group/20/create/90?src=-1419759666
Title: Start a Local Chapter...

Search URL Search Domain Scan URL

URL: https://god.owasp.de/
Title: German OWASP Day 2024

Search URL Search Domain Scan URL

URL: https://india.appsecdays.org/
Title: OWASP Virtual Appsec Days India 2024

Search URL Search Domain Scan URL

URL: https://www.owaspbenelux.eu/
Title: OWASP BeNelux 2024

Search URL Search Domain Scan URL

URL: https://lascon.org/
Title: OWASP LASCON 2025

Search URL Search Domain Scan URL

URL: https://members.owasp.org/
Title: Membership Portal

Search URL Search Domain Scan URL

URL: https://owasp.us17.list-manage.com/subscribe?u=a8012c9e2e384bf8ea8d7deb7&id=22be76c892
Title: Subscribe to our Mailing List

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL/videos
Title: Video

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-sa/4.0/

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/

Search URL Search Domain Scan URL

URL: https://twitter.com/owasp_wstg

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg
Title: guide’s project repo

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/tree/master/document
Title: read the latest development documents in our official GitHub repository

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/releases/download/v4.2/wstg-v4.2.pdf
Title: Download the v4.2 PDF

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/releases/download/v4.1/wstg-v4.1.pdf
Title: Download the v4.1 PDF

Search URL Search Domain Scan URL

URL: https://www.lulu.com/shop/matteo-meucci-and-andrew-muller/testing-guide-40-release/paperback/product-22294314.html
Title: available for purchase

Search URL Search Domain Scan URL

URL: https://lists.owasp.org/pipermail/owasp-testing/index
Title: archives of the Mailman owasp-testing mailing list

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/issues
Title: GitHub Issues

Search URL Search Domain Scan URL

URL: https://owasp-slack.herokuapp.com/
Title: invitation link

Search URL Search Domain Scan URL

URL: https://app.slack.com/client/T04T40NHX/CJ2QDHLRJ
Title: channel, #testing-guide

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/index.md
Title: Edit on GitHub

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/blob/master/CODE_OF_CONDUCT.md
Title: Code of Conduct

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wstg/blob/master/CONTRIBUTING.md
Title: Contribution Guide

Search URL Search Domain Scan URL

URL: https://www.bionic.ai/

Search URL Search Domain Scan URL

URL: https://www.microfocus.com/en-us/cyberres/application-security

Search URL Search Domain Scan URL

URL: https://www.uobgroup.com/

Search URL Search Domain Scan URL

URL: https://www.scitum.com.mx/

Search URL Search Domain Scan URL

URL: https://www.securebrain.co.jp/eng/

Search URL Search Domain Scan URL

URL: https://www.backslash.security/?utm_campaign=Launch&utm_source=owasp-sponsorship&utm_medium=banner&utm_content=homepage

Search URL Search Domain Scan URL

URL: http://promon.co/

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/

Search URL Search Domain Scan URL

URL: https://www.tenable.com/

Search URL Search Domain Scan URL

URL: http://teamsecure.io/

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OWASPFoundation

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@owasp

Search URL Search Domain Scan URL

URL: https://twitter.com/owasp

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/owasp/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
owasp.org/www-project-web-security-testing-guide/ 38 KB
14 KB 135ms
71ms Document
text/html 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed7e8da42fa22f5800e6c44885da4b2633e9996ed1b2bb55b2ddd722afba4973

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36

Response headers

access-control-allow-origin: *
age: 0
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 8deebc3c7c861809-EWR
content-encoding: br
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-type: text/html; charset=utf-8
date: Thu, 07 Nov 2024 16:35:14 GMT
expires: Thu, 07 Nov 2024 16:45:14 GMT
last-modified: Sat, 26 Oct 2024 12:17:22 GMT
permissions-policy: geolocation=(self)
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-fastly-request-id: 9a60bcf9ab880bbc375419dcb6c9b2b800b2c757
x-frame-options: SAMEORIGIN
x-github-request-id: 67AC:2AA52A:15270D7:17BAE37:672CEC41
x-origin-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-lga21945-LGA
x-timer: S1730997314.032158,VS0,VE15

GET
H2 200 js.cookie.min.js Show response
owasp.org/www--site-theme/assets/js/ 2 KB
3 KB 37ms
34ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/js.cookie.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 8d727deeda2809f77544591345c6c055c1744cfa
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-6c3"
age: 146
x-content-type-options: nosniff
x-github-request-id: 2B1B:2722BD:8400D5A:90D289F:672B3BA9
expires: Thu, 07 Nov 2024 16:42:36 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21949-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730891483.138857,VS0,VE1
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d351809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 839
x-origin-cache: HIT
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 76ms
21ms Script
text/javascript 2607:f8b0:400d:c07::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c07::64 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

content-encoding: gzip
age: 4415
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 17:21:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 15:21:39 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 styles.css
owasp.org/www--site-theme/assets/css/ 175 KB
38 KB 45ms
42ms Stylesheet
text/css 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/css/styles.css

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7f9972b318f3f0816c202e281dfacace681f7a35d4d3df782147f2b65a6cf43

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: dff132bdcc78dd1595eca76c8bd8f9a052669341
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-2ba0d"
age: 146
x-content-type-options: nosniff
x-github-request-id: AF4E:130C07:3D986C3:46C4283:67200371
expires: Thu, 07 Nov 2024 16:42:48 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21983-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730151281.342416,VS0,VE17
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d311809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36582
x-origin-cache: HIT
server: cloudflare

GET
H2 200 jquery-3.7.1.min.js Show response
owasp.org/www--site-theme/assets/js/ 85 KB
30 KB 34ms
32ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/jquery-3.7.1.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 2dafb2d1826c75e53b25ccbd6bc52edec601092b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-155ed"
age: 146
x-content-type-options: nosniff
x-github-request-id: 81CE:91D2C:44C56D8:4EA1345:672062A2
expires: Thu, 07 Nov 2024 16:42:48 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21957-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730182586.425474,VS0,VE14
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d381809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30627
x-origin-cache: HIT
server: cloudflare

GET
H2 200 util.js Show response
owasp.org/www--site-theme/assets/js/ 2 KB
1 KB 38ms
36ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/util.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 3daf63d850f8a532bd98872c84736b3c613eaca9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-89b"
age: 146
x-content-type-options: nosniff
x-github-request-id: F627:91D2C:3FB3567:48DF486:67200371
expires: Thu, 07 Nov 2024 16:42:48 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21960-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730151281.342797,VS0,VE14
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d391809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 947
x-origin-cache: HIT
server: cloudflare

GET
H2 200 yaml.min.js Show response
owasp.org/www--site-theme/assets/js/ 42 KB
12 KB 39ms
37ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/yaml.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: ffeeffab280ec03f6fea05ec7055af8ba623d61d
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-a944"
age: 146
x-content-type-options: nosniff
x-github-request-id: 5A3F:29C76:5B7E90B:6634363:6729F66D
expires: Thu, 07 Nov 2024 16:42:34 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21965-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730804449.504347,VS0,VE13
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d3b1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10780
x-origin-cache: HIT
server: cloudflare

GET
H2 200 kjua.min.js Show response
owasp.org/www--site-theme/assets/js/ 28 KB
11 KB 102ms
100ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/kjua.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 23296721fe558f1d246ffbe5244b0a34b9986f41
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-6f0d"
age: 146
x-content-type-options: nosniff
x-github-request-id: 0BA9:2A5EB6:3C80B9A:45AC5E3:67200371
expires: Thu, 07 Nov 2024 16:42:48 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21992-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730151281.341184,VS0,VE14
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d3e1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10684
server: cloudflare

GET
H2 200 buttons.js Show response
buttons.github.io/ 19 KB
7 KB 37ms
9ms Script
application/javascript 2606:50c0:8003::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons.github.io/buttons.js
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8003::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: eb9dffbab4d4ef9127d97d49b00aba034096ecb1ea18fb98f75b12e6886d802f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

x-fastly-request-id: 1b1fd336af5fc66f8b32a3eb66df88e36ea91791
content-encoding: gzip
etag: W/"6728784a-4bf6"
age: 510
x-github-request-id: EC0E:1E389D:4AD4139:528C8A3:67287904
expires: Mon, 04 Nov 2024 07:44:24 GMT
x-proxy-cache: HIT
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 Nov 2024 07:31:22 GMT
x-served-by: cache-lga21981-LGA
x-cache-hits: 151
vary: Accept-Encoding
cache-control: max-age=600
x-timer: S1730997314.225663,VS0,VE1
via: 1.1 varnish
permissions-policy: interest-cohort=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6701
x-origin-cache: HIT
server: GitHub.com

GET
H2 200 logo.png
owasp.org/assets/images/ 11 KB
11 KB 41ms
40ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 9ebd3d1d9b2519281c4d0bb1718e22d9b0a0c243
cf-cache-status: HIT
etag: "672c4d64-2b53"
age: 145
x-content-type-options: nosniff
x-github-request-id: A878:37998:C5F23B:E34BE8:672C4FBA
expires: Thu, 07 Nov 2024 16:42:49 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21979-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730958224.264623,VS0,VE14
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d401809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11091
x-origin-cache: HIT
server: cloudflare

GET
H3 200 owasp-flagship-brightgreen.svg
img.shields.io/badge/ 1 KB
1 KB 103ms
31ms Image
image/svg+xml 2606:4700:3035::ac43:ad59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.shields.io/badge/owasp-flagship-brightgreen.svg

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:ad59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029876b4197ec6db9c4a77b6020c2bfe5dfc5f4dbfc9ab046b0fc710d05d328d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none';

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: HIT
age: 109664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hCe9xRT%2Bk%2BnsBV0D5YaEvGZZXHb0V3MaFgC13ayMvv%2BNJ1ytiC%2FCUQrt1fPl5qnV5D1JIfd2gmb%2F3RX4csWjRjhtX%2BAY6YC9kweMyO6TJiy22ki3h%2FcJgp9v0r%2BKPASqx8sZEojTZAxjCNoXaA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10300&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4210&recv_bytes=4397&delivery_rate=38081&cwnd=12000&unsent_bytes=0&cid=965662c4e1956f0f&ts=48&x=1", cfHdrFlush;dur=0
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/svg+xml;charset=utf-8
last-modified: Mon, 04 Nov 2024 19:43:22 GMT
fly-request-id: 01JC0F32TQYFBVGX3YTPV35DS4-lga
vary: Accept-Encoding
content-security-policy: script-src 'none';
cache-control: max-age=432000, s-maxage=432000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
via: 1.1 fly.io
cf-ray: 8deebc3d78b38c12-EWR
access-control-allow-origin: *
server: cloudflare

GET
H2 200 80x15.png
licensebuttons.net/l/by-sa/4.0/ 434 B
744 B 95ms
25ms Image
image/png 2606:4700:10::6816:a79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by-sa/4.0/80x15.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:a79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f63cfda6d32f33a6e3d9b3b855826327d5f844fa83aae18df79f97d7afddf20

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

cf-bgj: imgq:100,h2pri
etag: "5eab4a31-2a0"
age: 3557
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=672
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=15768000
cache-control: max-age=432000
cf-ray: 8deebc3dcc4872c2-EWR
accept-ranges: bytes
content-length: 434
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 wstg
img.shields.io/github/stars/OWASP/ 3 KB
2 KB 200ms
199ms Image
image/svg+xml 2606:4700:3035::ac43:ad59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.shields.io/github/stars/OWASP/wstg?label=Stars%20on%20GitHub&style=social

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:ad59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e32de241d7203d0537805c67944b306dc733e7d36d9640149d63a5d2ee62dbbc

Security Headers

Name	Value
Content-Security-Policy	script-src 'none';

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ee5Cdr4HpRKbvz8Cx4zRjrl3ZToSNSqpiI237eZ%2FdL%2FqvTBLSiTnb4Pu%2BSybDk4%2F8%2FXVoMeCjhmWY3XiE7E933xDIdS5ijwku4SoWT6L9sDPMsDmidmt2wiaWDkC16dYOtZPNE40dUMedAIf3A%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 07 Nov 2024 16:50:14 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9712&sent=19&recv=14&lost=0&retrans=0&sent_bytes=7435&recv_bytes=5201&delivery_rate=54234&cwnd=12000&unsent_bytes=0&cid=965662c4e1956f0f&ts=249&x=1", cfHdrFlush;dur=0
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/svg+xml;charset=utf-8
last-modified: Thu, 07 Nov 2024 16:35:14 GMT
fly-request-id: 01JC3QNRN9G12PZBT25Z7BG3QZ-lga
vary: Accept-Encoding
content-security-policy: script-src 'none';
cache-control: max-age=900, s-maxage=900
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
via: 1.1 fly.io
cf-ray: 8deebc3db9028c12-EWR
access-control-allow-origin: *
server: cloudflare

GET
H3 200 owasp_wstg
img.shields.io/twitter/follow/ 2 KB
2 KB 29ms
28ms Image
image/svg+xml 2606:4700:3035::ac43:ad59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.shields.io/twitter/follow/owasp_wstg?style=social

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:ad59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

568e348b95d4e8cb4f56cf2cd57c69883ecdf09d507cbbc1a0564b0db498832d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none';

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: HIT
age: 76099
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OAgMY8GGlSPurExGyAmoTCbJc4fEg%2BqQZQsxlfGo5%2BMFW4VZewu4UJJCW04PMcSuKAnrm%2BzuqurQ%2FKr9d4nWPZF5UpH%2Bk6yJsztRsc5D8%2Bi%2B1Bch2gWDP1pgCTJhmtMUpdc1zhEtT6Ijd0N80Q%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 07 Nov 2024 19:26:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9898&sent=17&recv=13&lost=0&retrans=0&sent_bytes=5619&recv_bytes=5158&delivery_rate=46712&cwnd=12000&unsent_bytes=0&cid=965662c4e1956f0f&ts=85&x=1", cfHdrFlush;dur=0
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/svg+xml;charset=utf-8
last-modified: Wed, 06 Nov 2024 19:26:55 GMT
fly-request-id: 01JC1F3DKR683VQ0DXT7H4NGR5-lga
vary: Accept-Encoding
content-security-policy: script-src 'none';
cache-control: max-age=86400, s-maxage=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
via: 1.1 fly.io
cf-ray: 8deebc3db9118c12-EWR
access-control-allow-origin: *
server: cloudflare

GET
H2 200 1f6d1.png
github.githubassets.com/images/icons/emoji/unicode/ 1 KB
2 KB 64ms
19ms Image
image/png 185.199.109.154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://github.githubassets.com/images/icons/emoji/unicode/1f6d1.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.109.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-154.github.com

Software

Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

a7fe88b24e59ec7fc4baf91694591cd40c47162e2a7248773d915d1cb3d50f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

content-md5: H3YA7/rd84zsNCZhwNz9OQ==
x-fastly-request-id: d3604a0395f4ba9f0a78757eaac997d648c4f305
etag: "0x8DCBC96B46070A4"
age: 0
x-cache: HIT, HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Wed, 14 Aug 2024 19:24:23 GMT
x-cache-hits: 9552, 0
x-served-by: cache-iad-kjyo7100047-IAD, cache-lga21981-LGA
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1477
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0

GET
H2 200 email-decode.min.js Show response
owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
841 B 14ms
11ms Script
application/javascript 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"672528e6-4d7"
x-content-type-options: nosniff
cf-ray: 8deebc3dbdef1809-EWR
expires: Sat, 09 Nov 2024 16:35:14 GMT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/javascript
last-modified: Fri, 01 Nov 2024 19:15:50 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 logo.png
owasp.org/assets/images/ 11 KB
0 1ms
1ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 9ebd3d1d9b2519281c4d0bb1718e22d9b0a0c243
cf-cache-status: HIT
etag: "672c4d64-2b53"
age: 145
x-content-type-options: nosniff
x-github-request-id: A878:37998:C5F23B:E34BE8:672C4FBA
expires: Thu, 07 Nov 2024 16:42:49 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
x-served-by: cache-lga21979-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730958224.264623,VS0,VE14
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3d0d401809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11091
x-origin-cache: HIT
server: cloudflare

GET
H2 200 80x15.png
licensebuttons.net/l/by-sa/4.0/ 434 B
0 29ms
28ms Image
image/png 2606:4700:10::6816:a79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by-sa/4.0/80x15.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:a79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f63cfda6d32f33a6e3d9b3b855826327d5f844fa83aae18df79f97d7afddf20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

cf-bgj: imgq:100,h2pri
etag: "5eab4a31-2a0"
age: 3557
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=672
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
vary: Accept-Encoding
x-frame-options: deny
cache-control: max-age=432000
cf-ray: 8deebc3dcc4872c2-EWR
accept-ranges: bytes
content-length: 434
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 fa-solid-900.woff2
owasp.org/assets/fontawesome/ 153 KB
153 KB 36ms
35ms Font
font/woff2 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-solid-900.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Origin: https://owasp.org
Referer: https://owasp.org/www--site-theme/assets/css/styles.css

Response headers

x-fastly-request-id: d7e1ac31ff4350a38daf8d577d25851de747bc24
cf-cache-status: HIT
etag: "672c4d64-26350"
age: 307
x-content-type-options: nosniff
x-github-request-id: D136:2E9C39:AC3605:C322CA:672C4D6B
expires: Thu, 07 Nov 2024 16:40:07 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: font/woff2
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21982-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730956652.071928,VS0,VE25
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3dee1f1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 156496
x-origin-cache: HIT
server: cloudflare

GET
H2 200 ubuntu-regular.woff2
owasp.org/assets/font/ 29 KB
31 KB 32ms
32ms Font
font/woff2 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-regular.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Origin: https://owasp.org
Referer: https://owasp.org/www--site-theme/assets/css/styles.css

Response headers

x-fastly-request-id: 121dd399960c52d82ec26436889550fd8dccce78
cf-cache-status: HIT
etag: "672c4d64-7324"
age: 307
x-content-type-options: nosniff
x-github-request-id: DD16:E47B0:9F524B:B63E94:672C4D6C
expires: Thu, 07 Nov 2024 16:40:07 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: font/woff2
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21924-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730956652.073297,VS0,VE48
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3dee241809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29476
x-origin-cache: HIT
server: cloudflare

GET
H2 200 ubuntu-medium.woff2
owasp.org/assets/font/ 28 KB
30 KB 34ms
34ms Font
font/woff2 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-medium.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Origin: https://owasp.org
Referer: https://owasp.org/www--site-theme/assets/css/styles.css

Response headers

x-fastly-request-id: b4982f397a5968843b771a79f99ae53997ee11cf
cf-cache-status: HIT
etag: "672c4d64-6fa0"
age: 307
x-content-type-options: nosniff
x-github-request-id: 2467:2E9C39:AC3606:C322CB:672C4D6B
expires: Thu, 07 Nov 2024 16:40:07 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: font/woff2
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21980-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730956652.074061,VS0,VE20
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3dfe331809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28576
x-origin-cache: HIT
server: cloudflare

GET
H2 200 fa-brands-400.woff2
owasp.org/assets/fontawesome/ 115 KB
115 KB 37ms
37ms Font
font/woff2 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-brands-400.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Origin: https://owasp.org
Referer: https://owasp.org/www--site-theme/assets/css/styles.css

Response headers

x-fastly-request-id: bcc57de899eea5a37e8a9c6ce77c78ec5996aebc
cf-cache-status: HIT
etag: "672c4d64-1ca7c"
age: 307
x-content-type-options: nosniff
x-github-request-id: 9D0C:1AC35C:A45BEE:BB48BD:672C4D6B
expires: Thu, 07 Nov 2024 16:40:07 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: font/woff2
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21956-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730956652.073024,VS0,VE25
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3dfe371809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 117372
x-origin-cache: HIT
server: cloudflare

GET
H2 200 popup-data.yml Show response
owasp.org/www-project-web-security-testing-guide/assets/sitedata/ 1 KB
3 KB 66ms
66ms XHR
text/yaml 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-web-security-testing-guide/assets/sitedata/popup-data.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: e63f41e188627f93583448822e6c9cdb071efab7
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"671cddd2-539"
age: 0
x-content-type-options: nosniff
x-github-request-id: B44C:D586E:1510F64:17A506C:672CEC41
expires: Thu, 07 Nov 2024 16:45:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: text/yaml
last-modified: Sat, 26 Oct 2024 12:17:22 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21987-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=600
x-timer: S1730997314.274534,VS0,VE15
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3dfe3a1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 661
server: cloudflare

GET
H2 200 menus.json Show response
owasp.org/www--site-theme/assets/sitedata/ 6 KB
3 KB 37ms
36ms XHR
application/json 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/sitedata/menus.json

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/jquery-3.7.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f600f2957c3833dd8a36552a74f1f39f1da9d9ee33dfcdbbf5ab3d601ca6945

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www-project-web-security-testing-guide/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01

Response headers

x-fastly-request-id: faeadd24db5effc858031ae57e77657ac56032b8
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"672002ec-17d6"
age: 202
x-content-type-options: nosniff
x-github-request-id: CDEF:25B470:160CCEA:18A2F52:672CEB55
expires: Thu, 07 Nov 2024 16:41:17 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/json; charset=utf-8
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 1
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21987-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=600
x-timer: S1730997314.337856,VS0,VE5
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3e8eb31809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1419
server: cloudflare

GET
H2 200 events.yml Show response
owasp.org/assets/sitedata/ 3 KB
2 KB 34ms
34ms XHR
text/yaml 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/events.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a66a40bc9ea9a7f1605abe9cb13f706a50665e536ac2ed79753e79b404b70a0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 3384378e7b0ba42dfbcb67c978332e0686fa394f
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"672c4d64-d77"
age: 202
x-content-type-options: nosniff
x-github-request-id: CEB8:16C88E:153F1A3:17D53C1:672CEB55
expires: Thu, 07 Nov 2024 16:41:17 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: text/yaml
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 1
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21926-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=600
x-timer: S1730997314.343753,VS0,VE2
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3e8eb51809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1499
x-origin-cache: HIT
server: cloudflare

GET
H2 200 corp_members.yml Show response
owasp.org/assets/sitedata/ 51 KB
17 KB 34ms
34ms XHR
text/yaml 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/corp_members.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d7c71b51f765e2eab5134843ed966bd2494a46e904795cbfb0dcf056ef9223e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 39bbed445947b23342b56096528b525436dfd8c8
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"672c4d64-cb83"
age: 202
x-content-type-options: nosniff
x-github-request-id: 4028:60615:15057B4:179BA37:672CEB55
expires: Thu, 07 Nov 2024 16:41:17 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: text/yaml
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 1
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21988-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=600
x-timer: S1730997314.397424,VS0,VE1
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3edf091809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16956
x-origin-cache: HIT
server: cloudflare

GET
H2 200 bionic_logo_1.png
owasp.org/assets/images/corp-member-logo/ 13 KB
15 KB 34ms
30ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/bionic_logo_1.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c36fbd29afc6794854a95aa9e707574da335377067d13bc8f4ee6c8fe7036d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: ff59625d6d3776c23a9d5d895af877b0f8c8899a
cf-cache-status: HIT
etag: "672c4d64-3538"
age: 60
x-content-type-options: nosniff
x-github-request-id: 3927:3D1777:D33D7D:F0C03C:672C511E
expires: Thu, 07 Nov 2024 16:44:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21962-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957599.634104,VS0,VE16
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f4f871809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13624
x-origin-cache: HIT
server: cloudflare

GET
H2 200 fortify__logo__normal2x_1.png
owasp.org/assets/images/corp-member-logo/ 6 KB
8 KB 43ms
39ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/fortify__logo__normal2x_1.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

286660d917d91be57df337081cabaf66fd5276596c40c8cc172133f2ce760ec6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 698ef5e160675a838af684119e528bd7cde78394
cf-cache-status: HIT
etag: "672c4d64-18c5"
age: 461
x-content-type-options: nosniff
x-github-request-id: B07E:3C6AAF:CB9748:E91A18:672C5117
expires: Thu, 07 Nov 2024 14:48:58 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21956-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957599.640987,VS0,VE128
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f8c1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6341
x-origin-cache: HIT
server: cloudflare

GET
H2 200 UnitedOverseasBankLogo.jpeg
owasp.org/assets/images/corp-member-logo/ 520 KB
523 KB 84ms
81ms Image
image/jpeg 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/UnitedOverseasBankLogo.jpeg

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d408a7171660ba3293b7a0ade34a5b916e9280318650f9dba5276dc691dcba32

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 1acaecf63923619e635c3ab0adfbd455c68e9f52
cf-cache-status: REVALIDATED
etag: "672c4d64-8218e"
cf-bgj: h2pri
x-content-type-options: nosniff
x-github-request-id: 18EB:1DA3CB:C07A13:DDD4A8:672C4FBD
expires: Thu, 07 Nov 2024 16:45:14 GMT
x-proxy-cache: MISS
x-cache: HIT
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/jpeg
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21953-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730963157.693033,VS0,VE15
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f8e1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 532878
x-origin-cache: HIT
server: cloudflare

GET
H2 200 Scitum.png
owasp.org/assets/images/corp-member-logo/ 20 KB
20 KB 36ms
33ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Scitum.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8353bfdd1cd583ffe3544362614c1a262e7d6186d557eb73606789958ce56cd6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: cd5246f0bcd376dbe1c49e1f6e859cf5ff7317b6
cf-cache-status: HIT
etag: "672c4d64-4f92"
age: 461
x-content-type-options: nosniff
x-github-request-id: 1AF3:3D1777:D5F005:F3D57D:672C5475
expires: Thu, 07 Nov 2024 14:44:39 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21991-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730958454.983459,VS0,VE13
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f911809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20370
x-origin-cache: HIT
server: cloudflare

GET
H2 200 Hitachi.png
owasp.org/assets/images/corp-member-logo/ 6 KB
6 KB 106ms
103ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Hitachi.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e79c90608a465e63f0d9a5a8474411d82feb2bfdd4f10d71834514fa9d17f4a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 84f2a822b1433774f11751f057c32ee22c4178fa
cf-cache-status: REVALIDATED
etag: "672c4d64-1780"
x-content-type-options: nosniff
x-github-request-id: BFA5:27F0F6:D8D3E2:F6B23C:672C5427
expires: Thu, 07 Nov 2024 16:45:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21977-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730958377.869107,VS0,VE11
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f921809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6016
x-origin-cache: HIT
server: cloudflare

GET
H2 200 Backslash-logo.png
owasp.org/assets/images/corp-member-logo/ 6 KB
6 KB 64ms
62ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Backslash-logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2fbf87029bd0ef0f1040027dcf7d19c9a425f93a584f9cadb55e1c077af7d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: fcdf85eda825e4f4511ecc178a01fa5fa884ebd9
cf-cache-status: REVALIDATED
etag: "672c4d64-18d0"
x-content-type-options: nosniff
x-github-request-id: F3C2:17312E:C728A3:E482C2:672C4FBD
expires: Thu, 07 Nov 2024 16:45:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21930-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957245.265009,VS0,VE13
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f941809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6352
x-origin-cache: HIT
server: cloudflare

GET
H2 200 promon_logo_dark.png
owasp.org/assets/images/corp-member-logo/ 4 KB
4 KB 40ms
38ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/promon_logo_dark.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11798aad6988c97fc47d924519ab3686c3f357e7978cc0f0e4678111b0cee595

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 3d745b573813edccc925dab205616d3d6d18faa6
cf-cache-status: HIT
etag: "672c4d64-ef5"
age: 91
x-content-type-options: nosniff
x-github-request-id: FA60:3447B:D1A23D:EF0EE5:672C5052
expires: Thu, 07 Nov 2024 16:43:43 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21930-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957394.113739,VS0,VE11
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f971809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3829
x-origin-cache: HIT
server: cloudflare

GET
H2 200 salesforce.png
owasp.org/assets/images/corp-member-logo/ 6 KB
8 KB 62ms
60ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/salesforce.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

889850c939bd8424253a67211f9eda5d2939ca0126d93814bd904e0dc09538a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 3706c97b1c2e8d4035c5fa3d015dd1c680b8ff7a
cf-cache-status: REVALIDATED
etag: "672c4d64-192e"
x-content-type-options: nosniff
x-github-request-id: B6EC:27F0F6:D49B93:F1EDEE:672C4F6B
expires: Thu, 07 Nov 2024 16:45:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21949-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957163.385521,VS0,VE16
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f991809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6446
x-origin-cache: HIT
server: cloudflare

GET
H2 200 tenable_logo.png
owasp.org/assets/images/corp-member-logo/ 36 KB
38 KB 38ms
36ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/tenable_logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66bf051c02926d6a928217c001ac52b239880dd7ae5c73346d946876274f04be

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: a6aa3e08287812b7fdfe61945f687da144f2e6c0
cf-cache-status: HIT
etag: "672c4d64-9084"
age: 465
x-content-type-options: nosniff
x-github-request-id: B999:15A173:CA73B0:E7C489:672C4F6A
expires: Thu, 07 Nov 2024 14:53:06 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21982-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730957163.368214,VS0,VE19
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f9c1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36996
x-origin-cache: HIT
server: cloudflare

GET
H2 200 TeamSecure.png
owasp.org/assets/images/corp-member-logo/ 11 KB
11 KB 47ms
46ms Image
image/png 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/TeamSecure.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-web-security-testing-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f341123e081bdf9610c4a292290e0e988f558605e7c0c3bd4ffe4ad4a1d61968

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: 9da2e6b79f9a65c59801a04f54a42a843d93fe18
cf-cache-status: HIT
etag: "672c4d64-2aa6"
age: 406
x-content-type-options: nosniff
x-github-request-id: 46A9:28C898:AAD179:C27E8C:672C53EE
expires: Thu, 07 Nov 2024 16:38:28 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/png
last-modified: Thu, 07 Nov 2024 05:17:24 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21960-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730958319.492622,VS0,VE11
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc3f5f9f1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10918
x-origin-cache: HIT
server: cloudflare

GET
H2 200 wstg Show response
api.github.com/repos/OWASP/ 7 KB
3 KB 169ms
98ms XHR
application/json 140.82.114.5
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/OWASP/wstg

Requested by

Host: buttons.github.io
URL: https://buttons.github.io/buttons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.114.5 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-114-5-iad.github.com

Software

github.com /

Resource Hash

810f06bd246846005b2278517678184d12c3cf088f1e9635b69116a138467fd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer

Response headers

x-github-media-type: github.v3; format=json
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
content-encoding: gzip
etag: W/"9a170849374c8ea92b92fe990171638cdd21a5a2029c917317a6e1a690743134"
x-content-type-options: nosniff
x-github-request-id: B730:1A653F:A827B2:14A1D9A:672CEC42
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding, Accept, X-Requested-With
last-modified: Wed, 06 Nov 2024 23:01:17 GMT
x-frame-options: deny
x-ratelimit-used: 4
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-ratelimit-resource: core
x-github-api-version-selected: 2022-11-28
cache-control: public, max-age=60, s-maxage=60
content-security-policy: default-src 'none'
x-ratelimit-reset: 1731000797
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-ratelimit-remaining: 56
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1682
x-xss-protection: 0
x-ratelimit-limit: 60
server: github.com

GET
H2 200 favicon.ico
owasp.org/www--site-theme/ 4 KB
6 KB 33ms
33ms Other
image/vnd.microsoft.icon 2606:4700:10::6816:1b4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1b4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0d321afa7acfbbc0243bd8aa26ae79d91f9ab8560ffa5a2e76152f37499479

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.53 Safari/537.36
Referer: https://owasp.org/www-project-web-security-testing-guide/

Response headers

x-fastly-request-id: efadf9960afc7d8dbaaa6485a46a0ed5b23c8dca
content-encoding: gzip
cf-cache-status: HIT
etag: W/"672002ec-e6b"
age: 60
x-content-type-options: nosniff
x-github-request-id: CB96:2E2611:3E7869D:47DEF0B:67200574
expires: Thu, 07 Nov 2024 16:44:14 GMT
x-proxy-cache: MISS
x-cache: MISS
date: Thu, 07 Nov 2024 16:35:14 GMT
content-type: image/vnd.microsoft.icon
last-modified: Mon, 28 Oct 2024 21:32:28 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-served-by: cache-lga21969-LGA
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
cache-control: max-age=14400
x-timer: S1730151797.423310,VS0,VE15
referrer-policy: same-origin
via: 1.1 varnish
cf-ray: 8deebc4058bf1809-EWR
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3719
x-origin-cache: HIT
server: cloudflare

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://.fontawesome.com https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' https://.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
buttons.github.io
github.githubassets.com
img.shields.io
licensebuttons.net
owasp.org
www.google-analytics.com
140.82.114.5
185.199.109.154
2606:4700:10::6816:1b4d
2606:4700:10::6816:a79
2606:4700:3035::ac43:ad59
2606:50c0:8003::153
2607:f8b0:400d:c07::64
029876b4197ec6db9c4a77b6020c2bfe5dfc5f4dbfc9ab046b0fc710d05d328d
11798aad6988c97fc47d924519ab3686c3f357e7978cc0f0e4678111b0cee595
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
286660d917d91be57df337081cabaf66fd5276596c40c8cc172133f2ce760ec6
3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490
3c36fbd29afc6794854a95aa9e707574da335377067d13bc8f4ee6c8fe7036d9
3d0d321afa7acfbbc0243bd8aa26ae79d91f9ab8560ffa5a2e76152f37499479
44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55
4f63cfda6d32f33a6e3d9b3b855826327d5f844fa83aae18df79f97d7afddf20
53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a
568e348b95d4e8cb4f56cf2cd57c69883ecdf09d507cbbc1a0564b0db498832d
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
5d7c71b51f765e2eab5134843ed966bd2494a46e904795cbfb0dcf056ef9223e
66bf051c02926d6a928217c001ac52b239880dd7ae5c73346d946876274f04be
7c2fbf87029bd0ef0f1040027dcf7d19c9a425f93a584f9cadb55e1c077af7d1
810f06bd246846005b2278517678184d12c3cf088f1e9635b69116a138467fd7
8353bfdd1cd583ffe3544362614c1a262e7d6186d557eb73606789958ce56cd6
8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458
889850c939bd8424253a67211f9eda5d2939ca0126d93814bd904e0dc09538a9
8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089
8e79c90608a465e63f0d9a5a8474411d82feb2bfdd4f10d71834514fa9d17f4a
8f600f2957c3833dd8a36552a74f1f39f1da9d9ee33dfcdbbf5ab3d601ca6945
9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2
a66a40bc9ea9a7f1605abe9cb13f706a50665e536ac2ed79753e79b404b70a0f
a7fe88b24e59ec7fc4baf91694591cd40c47162e2a7248773d915d1cb3d50f8f
b7f9972b318f3f0816c202e281dfacace681f7a35d4d3df782147f2b65a6cf43
b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085
cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514
d408a7171660ba3293b7a0ade34a5b916e9280318650f9dba5276dc691dcba32
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e32de241d7203d0537805c67944b306dc733e7d36d9640149d63a5d2ee62dbbc
eb9dffbab4d4ef9127d97d49b00aba034096ecb1ea18fb98f75b12e6886d802f
ed7e8da42fa22f5800e6c44885da4b2633e9996ed1b2bb55b2ddd722afba4973
ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de
f341123e081bdf9610c4a292290e0e988f558605e7c0c3bd4ffe4ad4a1d61968
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

owasp.org Open in urlscan Pro 2606:4700:10::6816:1b4d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

100 %HTTPS

71 %IPv6

7 Domains

7 Subdomains

7 IPs

1 Countries

1158 kBTransfer

1498 kBSize

0 Cookies

40 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

owasp.org Open in urlscan Pro
2606:4700:10::6816:1b4d Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

1158 kB
Transfer

1498 kB
Size

0
Cookies

38 HTTP transactions
0 data transactions