Submitted URL: https://beta.serviceportal.hgv.it/
Effective URL: https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
Submission: On September 12 via automatic, source certstream-suspicious — Scanned from IT

Summary

This website contacted 4 IPs in 2 countries across 1 domains to perform 10 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is accounts.hgv.it.
TLS certificate: Issued by GTS CA 1D4 on August 10th 2023. Valid for: 3 months.
This is the only time accounts.hgv.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 142.250.185.179 15169 (GOOGLE)
1 2 104.18.13.126 13335 (CLOUDFLAR...)
5 199.36.158.100 54113 (FASTLY)
10 4
Apex Domain
Subdomains
Transfer
10 hgv.it
beta.serviceportal.hgv.it
api.accounts.hgv.it Failed
accounts.hgv.it
405 KB
10 1
Domain Requested by
5 accounts.hgv.it beta.serviceportal.hgv.it
accounts.hgv.it
3 beta.serviceportal.hgv.it beta.serviceportal.hgv.it
2 api.accounts.hgv.it beta.serviceportal.hgv.it
accounts.hgv.it
10 3

This site contains no links.

Subject Issuer Validity Valid
beta.serviceportal.hgv.it
GTS CA 1D4
2023-09-12 -
2023-12-11
3 months crt.sh
accounts.hgv.it
GTS CA 1D4
2023-08-10 -
2023-11-08
3 months crt.sh
api.accounts.hgv.it
GTS CA 1P5
2023-08-09 -
2023-11-07
3 months crt.sh

This page contains 1 frames:

Primary Page: https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
Frame ID: 7838D2EEEF90980815D478C8E4D35915
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

HGV Konto

Page URL History Show full URLs

  1. https://beta.serviceportal.hgv.it/ Page URL
  2. https://api.accounts.hgv.it/self-service/login/browser?return_to=https://beta.serviceportal.hgv.it/ HTTP 303
    https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1 Page URL

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

4
IPs

2
Countries

405 kB
Transfer

1535 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://beta.serviceportal.hgv.it/ Page URL
  2. https://api.accounts.hgv.it/self-service/login/browser?return_to=https://beta.serviceportal.hgv.it/ HTTP 303
    https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
beta.serviceportal.hgv.it/
547 B
751 B
Document
General
Full URL
https://beta.serviceportal.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.179 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f19.1e100.net
Software
Google Frontend /
Resource Hash
3b6b888451a2caa8d5981f7cd37caed25b0876c8acbbb9050528729835021255
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
cache-control
private
content-encoding
gzip
content-length
336
content-security-policy
default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Tue, 12 Sep 2023 15:23:26 GMT
referrer-policy
no-referrer-when-downgrade
server
Google Frontend
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cloud-trace-context
aa3668f9e50e733e8bd7cd029a9b2b83
x-content-type-options
nosniff
index-00eb7ae8.js
beta.serviceportal.hgv.it/assets/
939 KB
266 KB
Script
General
Full URL
https://beta.serviceportal.hgv.it/assets/index-00eb7ae8.js
Requested by
Host: beta.serviceportal.hgv.it
URL: https://beta.serviceportal.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.179 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f19.1e100.net
Software
Google Frontend /
Resource Hash
fec565b500705a9d5d3b41d0c1e59a0bd2036ffaf277a5c983cd427f44268314
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://beta.serviceportal.hgv.it/
Origin
https://beta.serviceportal.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-encoding
gzip
server
Google Frontend
date
Tue, 12 Sep 2023 15:23:27 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=8760h0m0s, immutable
accept-ranges
bytes
index-379f8aea.css
beta.serviceportal.hgv.it/assets/
45 KB
10 KB
Stylesheet
General
Full URL
https://beta.serviceportal.hgv.it/assets/index-379f8aea.css
Requested by
Host: beta.serviceportal.hgv.it
URL: https://beta.serviceportal.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.179 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f19.1e100.net
Software
Google Frontend /
Resource Hash
379f8aea42597a3aefaf0a9977184c4e7e69b7578187a4a389144e8e77dec65d
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://beta.serviceportal.hgv.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-encoding
gzip
server
Google Frontend
date
Tue, 12 Sep 2023 15:23:27 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=8760h0m0s, immutable
accept-ranges
bytes
whoami
api.accounts.hgv.it/sessions/
0
0

Primary Request error
accounts.hgv.it/
Redirect Chain
  • https://api.accounts.hgv.it/self-service/login/browser?return_to=https://beta.serviceportal.hgv.it/
  • https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
452 B
772 B
Document
General
Full URL
https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
Requested by
Host: beta.serviceportal.hgv.it
URL: https://beta.serviceportal.hgv.it/assets/index-00eb7ae8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8b7434ef383b631a72413bb2d94fefd124848a6efbe9bf3b377b6b7fdbc3ddea
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://beta.serviceportal.hgv.it/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
public, max-age=10
content-encoding
br
content-length
175
content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Tue, 12 Sep 2023 15:23:28 GMT
etag
"01683533d634790d5fdb9dab4417ba3332f2f244175418596095091785ae30aa-br"
last-modified
Fri, 08 Sep 2023 09:17:20 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-served-by
cache-fco2270030-FCO
x-timer
S1694532208.326931,VS0,VE98

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
805926d9dadc0da1-MRS
content-length
94
content-type
text/html; charset=utf-8
date
Tue, 12 Sep 2023 15:23:28 GMT
location
https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
ory-network-region
euw
server
cloudflare
vary
Origin,Origin,Cookie
index-7ed20127.js
accounts.hgv.it/assets/
499 KB
100 KB
Script
General
Full URL
https://accounts.hgv.it/assets/index-7ed20127.js
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
29faffa68a7d495560e95ac800ef0fe98c67fa7dc3e32c8bd4f429911bf94818
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://accounts.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 12 Sep 2023 15:23:28 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
101739
x-served-by
cache-fco2270030-FCO
referrer-policy
no-referrer
last-modified
Fri, 08 Sep 2023 09:17:20 GMT
x-timer
S1694532208.461925,VS0,VE184
etag
"a870a91d9d672c2ddbedc105ce2ec7f1fe74b91cee1ba5afaf655e65eeb0ddab-br"
vary
x-fh-requested-host, accept-encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
0
index-09180975.css
accounts.hgv.it/assets/
24 KB
5 KB
Stylesheet
General
Full URL
https://accounts.hgv.it/assets/index-09180975.css
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/error?id=ba848957-14ae-477a-a7b1-27a23708baa1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0918097574a5fde70ad085b6b9989e3af29dd3f125ec3ca3cf63e55f1c7da619
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 12 Sep 2023 15:23:28 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4641
x-served-by
cache-fco2270030-FCO
referrer-policy
no-referrer
last-modified
Fri, 08 Sep 2023 09:17:20 GMT
x-timer
S1694532208.462105,VS0,VE95
etag
"800de593cdd1925636d1a118b1c3d49fee088c30accd97a806144e1aac8b5df0-br"
vary
x-fh-requested-host, accept-encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
0
warning-6c4bcd10.svg
accounts.hgv.it/assets/
9 KB
4 KB
Image
General
Full URL
https://accounts.hgv.it/assets/warning-6c4bcd10.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6c4bcd10c9f9592dfd2690d25d6509c4c3b6eb5a303a24857395b3423c1a5e97
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 12 Sep 2023 15:23:29 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
3897
x-served-by
cache-fco2270022-FCO
referrer-policy
no-referrer
last-modified
Fri, 08 Sep 2023 09:17:20 GMT
x-timer
S1694532209.826974,VS0,VE289
etag
"2bd26c2c7f25443fdc146248eb30aabc0aabc798f9c1869b01b2ac780b03a5c3-br"
vary
x-fh-requested-host, accept-encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
0
open-sans-latin-400-normal-441e2360.woff2
accounts.hgv.it/assets/
18 KB
19 KB
Font
General
Full URL
https://accounts.hgv.it/assets/open-sans-latin-400-normal-441e2360.woff2
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/assets/index-09180975.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://accounts.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'none'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Tue, 12 Sep 2023 15:23:28 GMT
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
18664
x-served-by
cache-fco2270022-FCO
referrer-policy
no-referrer
last-modified
Fri, 08 Sep 2023 09:17:20 GMT
x-timer
S1694532209.829464,VS0,VE74
etag
"ebf517c0f0236574cc9f529eb0d75a75c0c073058307b3bd272a762085fcef7b"
vary
x-fh-requested-host, accept-encoding
content-type
font/woff2
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
0
whoami
api.accounts.hgv.it/sessions/
206 B
575 B
XHR
General
Full URL
https://api.accounts.hgv.it/sessions/whoami
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/assets/index-7ed20127.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.13.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53f87fbc9a202125d0b0cab2c78bd06e75b370651c00b64706c9935a3cfb5002

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

date
Tue, 12 Sep 2023 15:23:29 GMT
cf-cache-status
DYNAMIC
server
cloudflare
ory-network-region
euw
ory-session-cache-for
60
vary
Origin,Origin,Cookie, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://accounts.hgv.it
access-control-expose-headers
Cache-Control, Expires, Last-Modified, Pragma, Content-Length, Content-Language, Content-Type
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
ory-session-edge-status
MISS
cf-ray
805926e17dc00da4-MRS
alt-svc
h3=":443"; ma=86400
content-length
206

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.accounts.hgv.it
URL
https://api.accounts.hgv.it/sessions/whoami

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| __REACT_INTL_CONTEXT__

4 Cookies

Domain/Path Name / Value
api.accounts.hgv.it/ Name: __cflb
Value: 04dTofjtHwhfCny3TimBZbgWZXE933GctJW5dT2ysZ
.api.accounts.hgv.it/ Name: __cf_bm
Value: lQfcxHAnskAkbkKOyd.KDLIKcXysdqL_nW7lr4tnB10-1694532207-0-AQKXKJ9xiTqKTYXLmV/RSHdjVBa6/t6SAk4xBB1d3ZcvY0WG6EC0Hj9v0tA2q5ksEgZg2nL67bO53j9Cj6M3iOo=
.api.accounts.hgv.it/ Name: _cfuvid
Value: Fjq7357ZiEvI.q9vcKOgOpvDnWK5KsZMqLTT4XC3Usc-1694532207594-0-604800000
.hgv.it/ Name: csrf_token_08c109866b1aa722ec57d2d3fde7e268e49d5609fdb3e79c4308a4a40d40aaad
Value: Y0SkYv96oe6amVIX4Is1N9is5wjrHAYnDQB+o1RX6ck=

3 Console Messages

Source Level URL
Text
javascript error URL: https://beta.serviceportal.hgv.it/
Message:
Access to XMLHttpRequest at 'https://api.accounts.hgv.it/sessions/whoami' from origin 'https://beta.serviceportal.hgv.it' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.accounts.hgv.it/sessions/whoami
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://api.accounts.hgv.it/sessions/whoami
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self';connect-src 'self' https://api.accounts.hgv.it;frame-src 'none';font-src 'self';frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff