URL: https://hackerone.com/reports/1065517
Submission: On November 22 via api from DE — Scanned from DE

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 52 HTTP transactions. The main IP is 2606:4700::6810:6334, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com. The Cisco Umbrella rank of the primary domain is 96350.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 21st 2022. Valid for: a year.
This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Domain & IP information

IP Address AS Autonomous System
43 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:1f18:24e... 14618 (AMAZON-AES)
2 2600:9000:205... 16509 (AMAZON-02)
52 5
Subject Issuer Validity Valid
hackerone.com
DigiCert SHA2 Extended Validation Server CA
2022-02-21 -
2023-03-24
a year crt.sh
errors.hackerone.net
DigiCert SHA2 Extended Validation Server CA
2022-01-12 -
2023-02-12
a year crt.sh
*.browser-intake-datadoghq.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-21 -
2023-07-22
a year crt.sh
profile-photos.hackerone-user-content.com
Amazon
2022-05-16 -
2023-06-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/1065517
Frame ID: E671F88B0D6BAACCB1A7CF664244FE65
Requests: 53 HTTP requests in this frame

Screenshot

Page Title

#1065517 h1 hacky holidays CTF solution

Page Statistics

52
Requests

92 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

2000 kB
Transfer

6415 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 1065517
hackerone.com/reports/
4 KB
3 KB
Document
General
Full URL
https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eca6b4ed3813b40b1c7769cb4dec3f8f636526da3efa6e8a18768cffd89db2b8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-0GUVyv3FvFkCtH4RG9ieeItFwCRCIvS9NfpWwwPE33w=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
76e49308d9d89220-FRA
content-disposition
inline; filename="response.html"
content-encoding
br
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-0GUVyv3FvFkCtH4RG9ieeItFwCRCIvS9NfpWwwPE33w=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-type
text/html; charset=utf-8
date
Tue, 22 Nov 2022 20:56:54 GMT
etag
W/"eca6b4ed3813b40b1c7769cb4dec3f8f"
expect-ct
enforce, max-age=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
ff614b81-9f41-47ee-ad46-ea5c2d2b60e5
x-xss-protection
1; mode=block
vendor.8b11831d.css
hackerone.com/assets/static/css/
21 KB
3 KB
Stylesheet
General
Full URL
https://hackerone.com/assets/static/css/vendor.8b11831d.css
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36187916bcf2c2c53d9ea7d03eef30aa6e67c12b2c8a47b0051d2c231d7f524e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1587529
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 04 Nov 2022 11:05:00 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4930aedab9220-FRA
expires
Fri, 23 Dec 2022 20:56:54 GMT
main.73d2bece.css
hackerone.com/assets/static/css/
652 KB
115 KB
Stylesheet
General
Full URL
https://hackerone.com/assets/static/css/main.73d2bece.css
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce7e14cdd33fbb0952afcb6a2cfc9c3e6f1a4f9c09d9f2a11f14efe420416863
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2827
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 20:08:49 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4930aedae9220-FRA
expires
Fri, 23 Dec 2022 20:56:54 GMT
constants-d5d813179af273d579530eb45e4be7bde6055112045d869b04990918bae45ced.js
hackerone.com/assets/
55 KB
20 KB
Script
General
Full URL
https://hackerone.com/assets/constants-d5d813179af273d579530eb45e4be7bde6055112045d869b04990918bae45ced.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5d813179af273d579530eb45e4be7bde6055112045d869b04990918bae45ced
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2826
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 19:36:12 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4930aedb09220-FRA
expires
Fri, 23 Dec 2022 20:56:54 GMT
vendor.2679f10e.js
hackerone.com/assets/static/js/
3 MB
763 KB
Script
General
Full URL
https://hackerone.com/assets/static/js/vendor.2679f10e.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9da6a61d269c5275ec62afc530207db413af71895c0fefecc00ad68200b71d9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
15674
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 16:34:10 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4930aedb39220-FRA
expires
Fri, 23 Dec 2022 20:56:54 GMT
main.c092562d.js
hackerone.com/assets/static/js/
2 MB
433 KB
Script
General
Full URL
https://hackerone.com/assets/static/js/main.c092562d.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3f4c9d87ef28763fb0e6fffb50c73865780ad0c9d74786b812f1f7e26a0982b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2829
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 20:08:49 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4930aedb49220-FRA
expires
Fri, 23 Dec 2022 20:56:54 GMT
/
errors.hackerone.net/api/30/security/
0
501 B
Other
General
Full URL
https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Requested by
Host: hackerone.com
URL: https://hackerone.com/reports/1065517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; report-uri https://errors.hackerone.net/api/34/csp-report/?sentry_key=959b5f6ed24d477c928e8dd455cc5071
server
cloudflare
x-frame-options
DENY
vary
Origin
access-control-allow-origin
https://hackerone.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
cf-ray
76e4930bdf4d9180-FRA
content-length
0
x-xss-protection
1; mode=block
gates
hackerone.com/
2 B
2 KB
XHR
General
Full URL
https://hackerone.com/gates
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/1065517
X-CSRF-Token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
3a42b956-4414-4e24-a9d4-c156891396d3
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"44136fa355b3678a1146ad16f7e8649e"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4930e3b8d9220-FRA
graphql
hackerone.com/
11 KB
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
525abedf37e69e2ddc1721a87b1c6b97818f7ec98e9253a809829e1f3fa1de8c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517

Response headers

date
Tue, 22 Nov 2022 20:56:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
90b9154b-2ba3-452a-a626-19d75bcecd3c
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"525abedf37e69e2ddc1721a87b1c6b97"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e493108f239220-FRA
graphql
hackerone.com/
245 B
1 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2747da8457f0833a19367dd967e49c9195aca71790ca63c12982ed1ce36cc222
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517

Response headers

date
Tue, 22 Nov 2022 20:56:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
828b6c53-4d5b-414d-8332-82e580d7d438
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"2747da8457f0833a19367dd967e49c91"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e493108f269220-FRA
6335.167aa746.chunk.js
hackerone.com/assets/static/js/
506 B
1 KB
Script
General
Full URL
https://hackerone.com/assets/static/js/6335.167aa746.chunk.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.c092562d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bf8cb7ad4a9ac449d9b0611c99eec42cd89b52ff8ee2576a0559c0217e8044
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2286079
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 09:12:19 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931639449220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
9261.b5134e6c.chunk.js
hackerone.com/assets/static/js/
2 KB
715 B
Script
General
Full URL
https://hackerone.com/assets/static/js/9261.b5134e6c.chunk.js
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/main.c092562d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1628118957d7a2a45f78ca1e22852070e2e89bded736f19ecdf2400ee3818057
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
679323
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 15 Nov 2022 00:13:52 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931639489220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
chevron-left.a035abc1dda32a1b506721df22dadee4.svg
hackerone.com/assets/static/media/
161 B
238 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/chevron-left.a035abc1dda32a1b506721df22dadee4.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
3196920104718559219
x-datadog-trace-id
2003493734692606130
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067818
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e49316394a9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
1065517.json
hackerone.com/reports/
55 KB
19 KB
XHR
General
Full URL
https://hackerone.com/reports/1065517.json
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71c3f1611cd9a00825f9e2416c3d0a7510119a272e7e0b8f039ec7f264a4c5fd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

X-CSRF-Token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/1065517
X-Requested-With
XMLHttpRequest
x-datadog-parent-id
4351765012958476613
x-datadog-trace-id
3474357399634905712

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
647480b7-9050-4a47-a37a-a11f5a52777c
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"71c3f1611cd9a00825f9e2416c3d0a75"
x-download-options
noopen
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e49316aa169220-FRA
sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg
hackerone.com/assets/static/media/
304 B
271 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/sidebar-expand.8715a037a403b68aea530265e6ba4dd9.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
5068792557023422396
x-datadog-trace-id
2225098262176474031
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2062855
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e49316aa2c9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
graphql
hackerone.com/
698 B
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a28e6430649e97c8990a7d78869f0f5058c93a017ab17cc5ebf884273bc4f78
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
3567133781383214549
x-datadog-trace-id
644169055878448788

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
74f0c991-a8e0-4a59-994e-9d61db5a34aa
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"2a28e6430649e97c8990a7d78869f0f5"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e49316ba399220-FRA
graphql
hackerone.com/
397 B
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7df27b6a21c75101bae610a208de823062837ae7c9c816c972f732858f0e429
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
7174471373783794876
x-datadog-trace-id
418366327476122281

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
d2b39af4-5624-49b2-8d15-779719b9157d
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"f7df27b6a21c75101bae610a208de823"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e49316ba3e9220-FRA
events
hackerone.com/
32 B
2 KB
Fetch
General
Full URL
https://hackerone.com/events
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
Content-Type
application/json
Accept
*/*
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
5596720646785621981
x-datadog-trace-id
8310212826850053548

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
301ea38e-7069-49ab-9a01-0e36d940cda6
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"815b69b828e2756ab81ee652d5a71793"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e49316ba3f9220-FRA
truncated
/
161 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
Poppins-SemiBold.cce5625b56ec678e4202.ttf
hackerone.com/assets/static/media/
152 KB
152 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/Poppins-SemiBold.cce5625b56ec678e4202.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
529341
content-length
155192
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Nov 2022 11:33:24 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/octet-stream
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e49316ca5b9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
Poppins-Regular.8081832fc5cfbf634aa6.ttf
hackerone.com/assets/static/media/
154 KB
155 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/Poppins-Regular.8081832fc5cfbf634aa6.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2060991
content-length
158192
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/octet-stream
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e49316ea899220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf
hackerone.com/assets/static/media/
170 KB
170 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/UbuntuMono-Bold.e7cc8f5c505bc1717762.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1401069
content-length
174008
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 06 Nov 2022 10:15:43 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/octet-stream
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e49316ea8c9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg
hackerone.com/assets/static/media/
6 KB
3 KB
Image
General
Full URL
https://hackerone.com/assets/static/media/logo-white.32021b7f9d0cc11235a5f8fb15c91697.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067817
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e49316ea8e9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
notifications
hackerone.com/
49 B
680 B
XHR
General
Full URL
https://hackerone.com/notifications
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

X-CSRF-Token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
*/*
Referer
https://hackerone.com/reports/1065517
X-Requested-With
XMLHttpRequest
x-datadog-parent-id
4117992757049115272
x-datadog-trace-id
5491831186685143351

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-xss-protection
1; mode=block
x-request-id
11c2a08d-dd62-4dd1-b00b-4d79893ed6ea
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
content-type
*/*; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-cache
cf-ray
76e4931b192b9220-FRA
participants
hackerone.com/reports/1065517/
2 KB
2 KB
XHR
General
Full URL
https://hackerone.com/reports/1065517/participants
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a3a46e0064b29a87f276c188d88412fdebc25bc9c577681c243f0d22356d22a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

X-CSRF-Token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://hackerone.com/reports/1065517
X-Requested-With
XMLHttpRequest
x-datadog-parent-id
8370760162405599412
x-datadog-trace-id
1570840551104165368

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response.json"
x-xss-protection
1; mode=block
x-request-id
0f7af719-7671-4d0d-9afb-5154e64d8109
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"6a3a46e0064b29a87f276c188d88412f"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931b19329220-FRA
baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg
hackerone.com/assets/static/media/
451 B
364 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/baseline_arrow_drop_up.5019adc68b4ed2e827b0ba9395f0f815.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
7643796070426975661
x-datadog-trace-id
3261214374104770586
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067553
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931b39789220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
graphql
hackerone.com/
0
0

graphql
hackerone.com/
318 B
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
436c092ce369d3fbe228fd19b55d65a145b2c10c7baa830aa9714cc235e949a4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
6791751135692118516
x-datadog-trace-id
8445376487317564291

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
991d057e-f736-4c1f-b7b2-757b41c5e030
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"436c092ce369d3fbe228fd19b55d65a1"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931b398d9220-FRA
graphql
hackerone.com/
745 B
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0476d04d1bbbe96b4452bb0449b76986e2c05996056d80ce894fad178a52441b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
6684018759419807182
x-datadog-trace-id
4826825296480373921

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
58a77dec-cf62-4fe1-b82d-4d480a923642
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"0476d04d1bbbe96b4452bb0449b76986"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931b398e9220-FRA
effra-regular.58638933bea19af32939.woff
hackerone.com/assets/static/media/
26 KB
26 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/effra-regular.58638933bea19af32939.woff
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067817
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/font-woff
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931b49a79220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
hackerone.28988fd0c3628ca2df69.ttf
hackerone.com/assets/static/media/
10 KB
10 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/hackerone.28988fd0c3628ca2df69.ttf
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067817
content-length
10596
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/octet-stream
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e4931b49b19220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
effra-medium.21ad2cc3831b535ed009.woff
hackerone.com/assets/static/media/
24 KB
24 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/effra-medium.21ad2cc3831b535ed009.woff
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2067817
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/font-woff
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931b49b39220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
rum
rum.browser-intake-datadoghq.com/api/v2/
53 B
239 B
Fetch
General
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.24.0%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A182ec773ba4bc3bf742d6aa87247e5185103b3d8&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.24.0&dd-evp-origin=browser&dd-request-id=cc2e16e9-c39a-4850-8ce3-984a25323351&batch_time=1669150616903
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:61fd:bb28:a027:cc4a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f37654e527dd758f76d528626a320b8b52656e54f09821857b253f7a4f0ca965
Security Headers
Name Value
Strict-Transport-Security max-age=15724800;
X-Content-Type-Options nosniff

Request headers

Referer
https://hackerone.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=15724800;
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
content-length
53
content-type
application/json
edit.0d86487cdb411dca795307bacf71c61d.svg
hackerone.com/assets/static/media/
276 B
959 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/edit.0d86487cdb411dca795307bacf71c61d.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
4515628821275877251
x-datadog-trace-id
2834160210012835281
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
1033853
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 10 Nov 2022 21:13:54 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931bfac69220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg
hackerone.com/assets/static/media/
251 B
508 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/plus-light.8c4f2f9e022ea6e2b184bd898aab3cab.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
7787747725280231025
x-datadog-trace-id
6609351015292111304
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
538595
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Nov 2022 11:33:24 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931bface9220-FRA
expires
Fri, 23 Dec 2022 20:56:56 GMT
graphql
hackerone.com/
11 KB
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
730216c8b8ccec2d27589f46978b9db590e29423a3ef82470cb53e0cf70d5dd4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
3845302028781656963
x-datadog-trace-id
366901898173457095

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
0f925dff-7641-4124-bc8c-d04efa751265
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"730216c8b8ccec2d27589f46978b9db5"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931c1afc9220-FRA
graphql
hackerone.com/
3 KB
2 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
796797e64cf15429967a4d189a04cf464f51f4a60440c6321561b09184c6d12b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
6103972952795666832
x-datadog-trace-id
6153612405538990284

Response headers

date
Tue, 22 Nov 2022 20:56:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
3f08d2f9-1d74-4027-98dc-bb6930a9902d
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"796797e64cf15429967a4d189a04cf46"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931c1afe9220-FRA
clear-verified-icon.f9f1b25a3dbe0eb4ab8f66bafe13cbf7.svg
hackerone.com/assets/static/media/
2 KB
1 KB
XHR
General
Full URL
https://hackerone.com/assets/static/media/clear-verified-icon.f9f1b25a3dbe0eb4ab8f66bafe13cbf7.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9c75bfe6f45fc3e1404e45a17c1843b64c32cf6f6d083ce37ad0fe7a4a9ce07
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
8381942443812912524
x-datadog-trace-id
5198334440935110305
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2066142
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931d2cc19220-FRA
expires
Fri, 23 Dec 2022 20:56:57 GMT
default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/
5 KB
6 KB
Image
General
Full URL
https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2059145
cf-polished
status=not_needed
content-length
4711
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
cf-bgj
imgq:100,h2pri
last-modified
Tue, 20 Sep 2022 20:09:07 GMT
server
cloudflare
expect-ct
enforce, max-age=86400
x-download-options
noopen
x-frame-options
DENY
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e4931d2cc79220-FRA
expires
Fri, 23 Dec 2022 20:56:57 GMT
866ee71cd31a762660c292f5a83c460018409d8ecb48c41a0a6a99f85339baf4
profile-photos.hackerone-user-content.com/variants/000/002/413/ab3559068530ebd67a8224a9da7821be178dda07_original.png/
9 KB
9 KB
Image
General
Full URL
https://profile-photos.hackerone-user-content.com/variants/000/002/413/ab3559068530ebd67a8224a9da7821be178dda07_original.png/866ee71cd31a762660c292f5a83c460018409d8ecb48c41a0a6a99f85339baf4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ec00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
af53a7efb63a50dff80a511f7ccf876f356fa5a02b370d2bb5953974fd15884f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
bfqUKJBBIoBAUl5WDI.rJhEdxb7X7d8H
date
Tue, 22 Nov 2022 20:46:29 GMT
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
629
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
8994
last-modified
Wed, 07 Sep 2022 10:27:19 GMT
server
AmazonS3
etag
"fd96fecdb48d9ef2a4d2d4d635343f37"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
mtJu_XefYUP-T7zR0lSR-OR6kR2HIvuKXKY-SZ3AqUP5rg0KQrUIkg==
default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/
5 KB
6 KB
Image
General
Full URL
https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2059145
cf-polished
status=not_needed
content-length
4711
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
cf-bgj
imgq:100,h2pri
last-modified
Tue, 20 Sep 2022 20:09:07 GMT
server
cloudflare
expect-ct
enforce, max-age=86400
x-download-options
noopen
x-frame-options
DENY
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e4931dddc79220-FRA
expires
Fri, 23 Dec 2022 20:56:57 GMT
more_vert-24px.5836aa97c64814de21ea46543b347aa4.svg
hackerone.com/assets/static/media/
283 B
270 B
XHR
General
Full URL
https://hackerone.com/assets/static/media/more_vert-24px.5836aa97c64814de21ea46543b347aa4.svg
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f59e208f5babcf58c07505356ca1f109a9e1972e839b991dff19f709a28eeba
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
1346780428312928482
x-datadog-trace-id
560284090907004486
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2066142
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
cf-ray
76e4931e1e369220-FRA
expires
Fri, 23 Dec 2022 20:56:57 GMT
graphql
hackerone.com/
337 B
1 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50a591955ad027c42c39dd72929bbc0dad6bdb884b8b056cd06ea219a902a8c0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
48417191932205150
x-datadog-trace-id
4819496543898981384

Response headers

date
Tue, 22 Nov 2022 20:56:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
60c7be80-617f-4cab-92af-e10643626bac
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"50a591955ad027c42c39dd72929bbc0d"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931e1e3b9220-FRA
graphql
hackerone.com/
76 KB
18 KB
Fetch
General
Full URL
https://hackerone.com/graphql
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74623a560ddec40a07e92ba1ae2b7ae61acebe8cfc43d1442d87af49ac0bcc6c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
X8aGaPGPsiMDwuv/ETEokAT7tx8G7tRu4njjeppBVehQ4x7Lz4rasvAaWWi480nV8r1gi4NCU75CT/w5G0EkKA==
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
x-product-feature
other
accept
*/*
x-product-area
other
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
4397137531030108191
x-datadog-trace-id
5239438470148710756

Response headers

date
Tue, 22 Nov 2022 20:56:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
df856b6d-f805-4d64-b342-457c2fc5313e
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"74623a560ddec40a07e92ba1ae2b7ae6"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e4931e1e439220-FRA
rum
rum.browser-intake-datadoghq.com/api/v2/
53 B
238 B
Fetch
General
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.24.0%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A182ec773ba4bc3bf742d6aa87247e5185103b3d8&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.24.0&dd-evp-origin=browser&dd-request-id=6233dc31-71bc-42e1-8281-265131c36133&batch_time=1669150617810
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:61fd:bb28:a027:cc4a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
389c42f69b26c74105c265df22a838c63c260971dcb06ab4c596377e23b59ade
Security Headers
Name Value
Strict-Transport-Security max-age=15724800;
X-Content-Type-Options nosniff

Request headers

Referer
https://hackerone.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Nov 2022 20:56:58 GMT
strict-transport-security
max-age=15724800;
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
content-length
53
content-type
application/json
events
hackerone.com/
32 B
2 KB
Fetch
General
Full URL
https://hackerone.com/events
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
x-datadog-sampling-priority
1
Content-Type
application/json
Accept
*/*
Referer
https://hackerone.com/reports/1065517
x-datadog-parent-id
712686212760231726
x-datadog-trace-id
8138208624539494309

Response headers

date
Tue, 22 Nov 2022 20:56:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
br
content-disposition
inline; filename="response."
x-xss-protection
1; mode=block
x-request-id
dc7368bc-63f4-4301-af33-39e5c126574b
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"815b69b828e2756ab81ee652d5a71793"
x-download-options
noopen
vary
Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
expect-ct
enforce, max-age=86400
cache-control
no-store
cf-ray
76e49321ec829220-FRA
default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/
5 KB
5 KB
Image
General
Full URL
https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:58 GMT
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2059146
cf-polished
status=not_needed
content-length
4711
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
cf-bgj
imgq:100,h2pri
last-modified
Tue, 20 Sep 2022 20:09:07 GMT
server
cloudflare
expect-ct
enforce, max-age=86400
x-download-options
noopen
x-frame-options
DENY
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e4932509cc9220-FRA
expires
Fri, 23 Dec 2022 20:56:58 GMT
default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
hackerone.com/assets/avatars/
5 KB
6 KB
Image
General
Full URL
https://hackerone.com/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/js/vendor.2679f10e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/reports/1065517
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:58 GMT
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2059146
cf-polished
status=not_needed
content-length
4711
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
cf-bgj
imgq:100,h2pri
last-modified
Tue, 20 Sep 2022 20:09:07 GMT
server
cloudflare
expect-ct
enforce, max-age=86400
x-download-options
noopen
x-frame-options
DENY
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e49327ef1d9220-FRA
expires
Fri, 23 Dec 2022 20:56:58 GMT
rum
rum.browser-intake-datadoghq.com/api/v2/
0
0

rum
rum.browser-intake-datadoghq.com/api/v2/
0
0

wa1vv793v2vqqv5i8e1wp6wl2eg5
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/
0
0

94b3712d9e5abbd36ce7a482476dd87ba5bbd7e8343379fcbab9f3c0fe8b2bb9
profile-photos.hackerone-user-content.com/variants/000/002/413/ab3559068530ebd67a8224a9da7821be178dda07_original.png/
14 KB
15 KB
Image
General
Full URL
https://profile-photos.hackerone-user-content.com/variants/000/002/413/ab3559068530ebd67a8224a9da7821be178dda07_original.png/94b3712d9e5abbd36ce7a482476dd87ba5bbd7e8343379fcbab9f3c0fe8b2bb9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ec00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6ed1c743c2e910987c1216531dca1e67e49403cf3cc8416ee695472736f8eb68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hackerone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
fi.nogSccuRkGcMByMO1b1pbQZjDbi22
date
Tue, 22 Nov 2022 20:56:59 GMT
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
1072
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
14824
last-modified
Wed, 07 Sep 2022 10:03:10 GMT
server
AmazonS3
etag
"e64d463922b3349444920d1b616c6e54"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
7AYbBsDLmJnsmYiLPiCcePLMcheH2LQsxenUXclYKWuYQmA7X7E0xg==
open-sans-regular.6c643d985ed34dc1dc2c.woff2
hackerone.com/assets/static/media/
9 KB
9 KB
Font
General
Full URL
https://hackerone.com/assets/static/media/open-sans-regular.6c643d985ed34dc1dc2c.woff2
Requested by
Host: hackerone.com
URL: https://hackerone.com/assets/static/css/main.73d2bece.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hackerone.com/assets/static/css/main.73d2bece.css
Origin
https://hackerone.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 20:56:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
2066145
content-length
9196
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 27 Oct 2022 19:14:22 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/font-woff2
expect-ct
enforce, max-age=86400
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
76e49328e90d9220-FRA
expires
Fri, 23 Dec 2022 20:56:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hackerone.com
URL
https://hackerone.com/graphql
Domain
rum.browser-intake-datadoghq.com
URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.24.0%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A182ec773ba4bc3bf742d6aa87247e5185103b3d8&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.24.0&dd-evp-origin=browser&dd-request-id=5733599f-966a-493b-bea8-a67faabf4617&batch_time=1669150618955
Domain
rum.browser-intake-datadoghq.com
URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.24.0%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A182ec773ba4bc3bf742d6aa87247e5185103b3d8&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.24.0&dd-evp-origin=browser&dd-request-id=2ee42798-8e84-4028-b705-c6f6cbef1c29&batch_time=1669150618963
Domain
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
URL
https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/wa1vv793v2vqqv5i8e1wp6wl2eg5?response-content-disposition=inline%3B%20filename%3D%22final.PNG%22%3B%20filename%2A%3DUTF-8%27%27final.PNG&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTJT4BU7A%2F20221122%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20221122T205658Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJGMEQCIGh1bpGpKynp65FNLzmW3RLjU6Wvlywj3VQaLg1gN2PnAiBOZfKeK6aeeZt6SYUIhjSFbb8IwgwrzF6wnhIVF8bZpSrVBAit%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDAxMzYxOTI3NDg0OSIMrbs03Q931E4FTOj%2FKqkECdFP0OyTozFips72tHAvsnfR6SIT1TuQx5i3bvfz1t6qQN7iGdtrRIh7EFvmHXXZfJfqFVLHo8jJtmLlgljADXVNiHPLAYI8oqhkWKMSZOxUIS2nVtYKA%2Bkief%2FxWqBxP25h59Q5ePEbx1hjvrQCVx6aUqGkXw5GH1cvyQFmxV9zQP1GuvbsHUpbSF7PCEv%2FMH1%2FiZ3OsfOrRX5rdy8dIFf6u4sDnBma3iy%2BiLS7Kmb3AyvlIWeqOiOV1%2FtmUSI2lXK46%2Fits2iGioPBj3Wg%2BUW502LKSzkUVaLY%2FjEoY9FBvTXgC2d%2FPQkoZ8hOYUXP1o8p9t8h%2Bvv0moHsbWmXAbE9wkShR%2BJrVmvHRdc9nhiE%2BtVW2MlekbsUJ7cTwMMeNp3lPJ9BwEHOA4Bc5R2oRGqgJL2zVulT9gEtyQCRd%2BQcWvR%2Bc7FjxNueLJ7%2Bg3wiwwRhPCxPb8fC4ovvVGd3Z31u9P%2FcdA%2BOOeKwYYNYBsUnCTpdUFkFP316G2%2B1L02ZOrQoNYMcVu2vl7s0qL5HKVbVIG0ji3V0gwGjqJtxvg8Mq6YaHklnJIJUksD0NW2RSIdMuGpHDu1NYAziZmc761SM0qrg4tbq%2FQHEjOEmDaz5a64ywKToj0DISY5yFyM6nhoCIcs5uxzn7IIqTVrSxKePPc8HFYB3RD2qxGWdeeFg9kRg%2FnCZtlcSSzKQ1TRjS%2Fz1dFCDBtwrZ99WCTqQHTWxFDmZo0OeMjC40PSbBjqqAXaylH8uAMMefhgqjbF1KqjJFOQ6ZuE4qY5Zm1JHRdaGeGRgBld1qET4zoOGEs7tU9QmpBcqjk1MX4Z7bY5Jr0fcIGm4P5uk%2BrSp2BXr9ER5BzxPSzE5aqOFiVsTR3Q%2BAtNqpR2jICaT3taX0Bu2sRQog%2F%2BUPY6ulegb7BQqN97DKawJn2R2J6kfV1ZH8kkPnwRCLtKt3kJ6VucpDC0olImgCtVvNYOZ39gd&X-Amz-SignedHeaders=host&X-Amz-Signature=bd85c6e9586735e14dcd00c7662a1b0904333837315b423550a17b635bb206b3

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| constants object| webpackChunkhackerone function| setImmediate function| clearImmediate object| Backbone object| __global__ object| DD_RUM function| Mousetrap function| Dropzone function| Buffer function| saveAs object| notifications object| TeamStore function| jQuery object| analyticsConnectorInstances object| current_user string| product_feature string| product_area

5 Cookies

Domain/Path Name / Value
hackerone.com/ Name: h1_device_id
Value: fa85d3f0-2ade-44cc-9b60-3bb4291962fa
hackerone.com/ Name: _dd_s
Value: rum=1&id=94cb63c0-1406-4e62-8999-ef6f0bf61602&created=1669150616008&expire=1669151516008
.hackerone.com/ Name: AMP_MKTG_b7cba2c14c
Value: JTdCJTdE
.hackerone.com/ Name: AMP_b7cba2c14c
Value: JTdCJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJkZXZpY2VJZCUyMiUzQSUyMjZlNmFjYTAxLTBhOTUtNGJmMi1iMzQ0LTQ1NzY3MWU2MGYwNSUyMiUyQyUyMmxhc3RFdmVudFRpbWUlMjIlM0ExNjY5MTUwNjE2ODg3JTJDJTIyc2Vzc2lvbklkJTIyJTNBMTY2OTE1MDYxNTAzMSU3RA==
hackerone.com/ Name: __Host-session
Value: ZEppOUhtZTlTVHh1RjFCTFFLYlJDOVhHNHk1anFIalhYUWVKZlhCakh0blBQcjMwWVo5V2lIbE11bTNaNm1EMTVYZ2FYazdNZEU3ajhkbHVOOXlacFBLQWo2VHdLb2wxVlV0ejJhZnAwVW5ZTDg5S212MEF1a2NERWhybUVNazgzditoSUI4MWZVeFFUdDl0WkRqWE9qTzVONm9pS2pKemtxNDUwTG92V1FEUllvN0JhV1VsSlRaUXlPdEkrbjJzM3p5R3d4SElIZERUT0hIbFdhWXBvOGtud2FwOHZ5cWZ3bFZvbitFZjI2bnBpa2NpTTd1bXU1NkY3R3FRSnhuMXpKbit0a2FyenVoOVZtdi9SUERDMVBxNEU3YWxwY3hmV21nTHhnY0l4Ykk9LS1WQWFMZWk3UGFCdXhZd1p0eDc4UVNRPT0%3D--a2f1f5e4d5d8d442b6cc84bd95853c397e0499ed

1 Console Messages

Source Level URL
Text
network error URL: https://hackerone.com/notifications
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; connect-src 'self' errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io; font-src 'self' js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff js.intercomcdn.com/fonts/proximanova-regular-italic.053a1112.woff js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff js.intercomcdn.com/fonts/proximanova-semibold-italic.660bf63e.woff; form-action 'self'; frame-ancestors 'none'; frame-src hackerone.integration-configuration.com api-60d81e65.duosecurity.com a5s.hackerone-ext-content.com b5s.hackerone-ext-content.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com/images/ static.intercomassets.com/avatars/ downloads.intercomcdn.com; media-src 'self' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu 'nonce-0GUVyv3FvFkCtH4RG9ieeItFwCRCIvS9NfpWwwPE33w=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

errors.hackerone.net
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
profile-photos.hackerone-user-content.com
rum.browser-intake-datadoghq.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
rum.browser-intake-datadoghq.com
2600:1f18:24e6:b900:61fd:bb28:a027:cc4a
2600:9000:2057:ec00:4:4c7d:87c0:93a1
2606:4700::6810:6334
2606:4700::6811:eb35
0476d04d1bbbe96b4452bb0449b76986e2c05996056d80ce894fad178a52441b
1628118957d7a2a45f78ca1e22852070e2e89bded736f19ecdf2400ee3818057
1858984bd0041e7013109298629cbba60b3ff6b12258cfd60572fbf77e713f84
1febee51defc0145669117eae46e891ca4e3e4b9836cfe494c822062d300fa2b
2747da8457f0833a19367dd967e49c9195aca71790ca63c12982ed1ce36cc222
29184e7e7ab81e3a3a03b7878c141d52a2102e6c8fb28525037f97e3e4005ad0
2a28e6430649e97c8990a7d78869f0f5058c93a017ab17cc5ebf884273bc4f78
36187916bcf2c2c53d9ea7d03eef30aa6e67c12b2c8a47b0051d2c231d7f524e
389c42f69b26c74105c265df22a838c63c260971dcb06ab4c596377e23b59ade
436c092ce369d3fbe228fd19b55d65a145b2c10c7baa830aa9714cc235e949a4
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
4f59e208f5babcf58c07505356ca1f109a9e1972e839b991dff19f709a28eeba
50a591955ad027c42c39dd72929bbc0dad6bdb884b8b056cd06ea219a902a8c0
525abedf37e69e2ddc1721a87b1c6b97818f7ec98e9253a809829e1f3fa1de8c
66a1750b4eaba9bc9006423272119330f9391be376bbf1dbc8c57e3ca0ad8cc6
6a3a46e0064b29a87f276c188d88412fdebc25bc9c577681c243f0d22356d22a
6ed1c743c2e910987c1216531dca1e67e49403cf3cc8416ee695472736f8eb68
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
71c3f1611cd9a00825f9e2416c3d0a7510119a272e7e0b8f039ec7f264a4c5fd
730216c8b8ccec2d27589f46978b9db590e29423a3ef82470cb53e0cf70d5dd4
74623a560ddec40a07e92ba1ae2b7ae61acebe8cfc43d1442d87af49ac0bcc6c
77a39b17916dc620e07d86cc1fef024e93f607ca39e4a2ee957755648c5ee80c
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
796797e64cf15429967a4d189a04cf464f51f4a60440c6321561b09184c6d12b
7f5ab1c0873416012a02bf62b119978c922dcec241b60eeeda727559e536b7dd
815b69b828e2756ab81ee652d5a7179399f5f845ee5cf662a68257020e5764c3
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
a9150fbd683b9c553d2881b9d1ea04168329e5a2cd999ce0ec99ee34b8eab678
abf812db4242d3e4f93c1de48dfa58dec2fc39b9611ccf8ac34549ff78f89856
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
af53a7efb63a50dff80a511f7ccf876f356fa5a02b370d2bb5953974fd15884f
b3f4c9d87ef28763fb0e6fffb50c73865780ad0c9d74786b812f1f7e26a0982b
b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
c0bf8cb7ad4a9ac449d9b0611c99eec42cd89b52ff8ee2576a0559c0217e8044
ce7e14cdd33fbb0952afcb6a2cfc9c3e6f1a4f9c09d9f2a11f14efe420416863
d04d9b6203e0a41075d3283ef1ba7e4786bd6964d0b6006f6fbfad2aefbecb99
d5d813179af273d579530eb45e4be7bde6055112045d869b04990918bae45ced
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c75bfe6f45fc3e1404e45a17c1843b64c32cf6f6d083ce37ad0fe7a4a9ce07
eca6b4ed3813b40b1c7769cb4dec3f8f636526da3efa6e8a18768cffd89db2b8
f37654e527dd758f76d528626a320b8b52656e54f09821857b253f7a4f0ca965
f7df27b6a21c75101bae610a208de823062837ae7c9c816c972f732858f0e429
f9da6a61d269c5275ec62afc530207db413af71895c0fefecc00ad68200b71d9