urlscan.io logo urlscan.io
SecurityTrails logo

generali.insillion.com Open in urlscan Pro
34.225.69.191  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://generali.insillion.com/
Effective URL: https://generali.insillion.com/login.html?x=1&
Submission: On October 05 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 29 HTTP transactions. The main IP is 34.225.69.191, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is generali.insillion.com.
TLS certificate: Issued by E6 on August 30th 2024. Valid for: 3 months.
This is the only time generali.insillion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 30 34.225.69.191 14618 (AMAZON-AES)
29 1
Apex Domain
Subdomains		 Transfer
30 insillion.com
generali.insillion.com
3 MB
29 1
Domain Requested by
30 generali.insillion.com 1 redirects generali.insillion.com
29 1

This site contains no links.

Subject Issuer Validity Valid
generali.insillion.com
E6		 2024-08-30 -
2024-11-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://generali.insillion.com/login.html?x=1&
Frame ID: 057C693A10A761C7E172F6589ABC66BC
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://generali.insillion.com/ Page URL
  2. https://generali.insillion.com/login.html?x=1&_src=https%3A%2F%2Fgenerali.insillion.com%2F HTTP 301
    https://generali.insillion.com/login.html?x=1& Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

29
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

3423 kB
Transfer

7987 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://generali.insillion.com/ Page URL
  2. https://generali.insillion.com/login.html?x=1&_src=https%3A%2F%2Fgenerali.insillion.com%2F HTTP 301
    https://generali.insillion.com/login.html?x=1& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
generali.insillion.com/ 		28 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
2f9046a170f8b6714e15d4376aa6cfec844f10342f4f692eb682c4e283a8e7c5
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Content-Type
text/html
Date
Sat, 05 Oct 2024 11:59:16 GMT
ETag
W/"66e809e1-6ec9"
Last-Modified
Mon, 16 Sep 2024 10:35:13 GMT
Referrer-Policy
same-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin deny
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
Insillion
X-XSS-Protection
1; mode=block
js
generali.insillion.com/api/v1/analytics/ 		73 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/api/v1/analytics/js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
27c19dd1a23c426ac66216f5a7fc137160aa9e770cfa93e439720f3f07fc6acc
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

Access-Control-Max-Age
86400
Access-Control-Expose-Headers
set-in-auth-token
ETag
W/"49-PyQYO2v5Ai2KcP80Z0Dg8uxcayw"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
application/javascript; charset=utf-8
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=5184000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Connection
keep-alive
Access-Control-Allow-Credentials
true
Referrer-Policy
same-origin
Content-Length
73
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
x-content-type
application/javascript
insall-1.24.2-rc.16.min.css
generali.insillion.com/res/ 		221 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/insall-1.24.2-rc.16.min.css
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
f998aad874446532da29612019ee4034f20674695e2c36dff80286ce2d48a04c
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

Content-Encoding
gzip
ETag
"66e809e1-8f95"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
text/css
Last-Modified
Mon, 16 Sep 2024 10:35:13 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
36757
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
in.css
generali.insillion.com/res/css/ 		45 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/css/in.css?v=1.24.2-rc.16
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
fd4bfbb8d061faa588060fc701f4212049efe134a9cb0fbd87ceea12a4415d51
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

ETag
"66d1b7ad-b419"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
text/css
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
46105
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
override.css
generali.insillion.com/res/css/ 		12 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/css/override.css?x=1&v=3
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
e6145cb715c63f9e3e66f49035a976485a8598ebe1fea72e1d7da54fde1c1c30
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

ETag
"66d1b7ad-2f3c"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
text/css
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
12092
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
insall-1.24.2-rc.16.min.js
generali.insillion.com/res/ 		3 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/insall-1.24.2-rc.16.min.js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
8bee0c0a644f770a5f6a026b802215961a4ce8b027717033d90e56aeeb64bc09
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

Content-Encoding
gzip
ETag
"66e809e1-13517b"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
application/javascript
Last-Modified
Mon, 16 Sep 2024 10:35:13 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
1266043
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
in.js
generali.insillion.com/res/js/ 		232 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/js/in.js?v=1.24.2-rc.16
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
9163d8f9164f29796becf9bd4080cd689d08d9b0e2a98ec76132edd4ba8304d1
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

Content-Encoding
gzip
ETag
W/"66e809e1-39fcc"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
application/javascript
Last-Modified
Mon, 16 Sep 2024 10:35:13 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
sameorigin, deny
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
components.js
generali.insillion.com/res/js/ 		61 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/js/components.js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
81dcb7828d964c60524b4789fc730d70347e5c2b4ec1ef4268d6ce5e37d6061b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/

Response headers

Content-Encoding
gzip
ETag
W/"66d1b7ad-f280"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:16 GMT
Content-Type
application/javascript
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
sameorigin, deny
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
publickey
generali.insillion.com/api/v1/auth/ 		31 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/api/v1/auth/publickey
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/insall-1.24.2-rc.16.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

in-auth-token
Referer
https://generali.insillion.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

Access-Control-Max-Age
86400
Access-Control-Expose-Headers
set-in-auth-token
ETag
W/"1f-1nEJd9Ev/gkPjBpMEbRImrllMUQ"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/json; charset=utf-8
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=5184000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Connection
keep-alive
Access-Control-Allow-Credentials
true
Referrer-Policy
same-origin
Content-Length
31
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
x-content-type
application/json; charset=UTF-8
profile
generali.insillion.com/api/v1/ 		109 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/api/v1/profile?x=1&pages=1&priv=1&menu=1&routes=1
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/insall-1.24.2-rc.16.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

in-auth-token
Referer
https://generali.insillion.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

Access-Control-Max-Age
86400
Access-Control-Expose-Headers
set-in-auth-token
ETag
W/"6d-kOmq8Cg+UfJ/xr5lMBYFPSTTB74"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/json; charset=utf-8
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=5184000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Connection
keep-alive
Access-Control-Allow-Credentials
true
Referrer-Policy
same-origin
Content-Length
109
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
x-content-type
application/json
Montserrat-Regular.ttf
generali.insillion.com/res/fonts/ 		95 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/fonts/Montserrat-Regular.ttf
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/css/in.css?v=1.24.2-rc.16
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://generali.insillion.com
Referer
https://generali.insillion.com/res/css/in.css?v=1.24.2-rc.16

Response headers

ETag
"66d1b7ad-40418"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
font/ttf
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
263192
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
fontawesome-webfont.woff2
generali.insillion.com/res/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/insall-1.24.2-rc.16.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://generali.insillion.com
Referer
https://generali.insillion.com/res/insall-1.24.2-rc.16.min.css

Response headers

ETag
"66d1b7ad-12d68"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
font/woff2
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
77160
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
Primary Request login.html
generali.insillion.com/
Redirect Chain
  • https://generali.insillion.com/login.html?x=1&_src=https%3A%2F%2Fgenerali.insillion.com%2F
  • https://generali.insillion.com/login.html?x=1&
21 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/login.html?x=1&
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/js/in.js?v=1.24.2-rc.16
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
6d58bb2a9f1a5013a431330f2867949dc6aac7a4afa606ce286088ea9c8eec7e
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://generali.insillion.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Content-Type
text/html
Date
Sat, 05 Oct 2024 11:59:17 GMT
ETag
W/"66d1b7ad-523e"
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Referrer-Policy
same-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin deny
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
Insillion
X-XSS-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Connection
keep-alive
Content-Length
162
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Content-Type
text/html
Date
Sat, 05 Oct 2024 11:59:17 GMT
Expect-CT
max-age=86400
Location
https://generali.insillion.com/login.html?x=1&
Referrer-Policy
same-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin deny
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
Insillion
X-XSS-Protection
1; mode=block
insall.min.css
generali.insillion.com/res/ 		221 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/insall.min.css
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
f998aad874446532da29612019ee4034f20674695e2c36dff80286ce2d48a04c
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

Content-Encoding
gzip
ETag
"66d1b7ad-8f95"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
text/css
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
36757
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
js
generali.insillion.com/api/v1/analytics/ 		73 B
979 B 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/api/v1/analytics/js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
27c19dd1a23c426ac66216f5a7fc137160aa9e770cfa93e439720f3f07fc6acc
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

Access-Control-Max-Age
86400
Access-Control-Expose-Headers
set-in-auth-token
ETag
W/"49-PyQYO2v5Ai2KcP80Z0Dg8uxcayw"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/javascript; charset=utf-8
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=5184000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Access-Control-Allow-Credentials
true
Referrer-Policy
same-origin
Content-Length
73
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
x-content-type
application/javascript
in.css
generali.insillion.com/res/css/ 		45 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/css/in.css
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
fd4bfbb8d061faa588060fc701f4212049efe134a9cb0fbd87ceea12a4415d51
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-b419"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
text/css
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
46105
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
insall.min.js
generali.insillion.com/res/ 		3 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/insall.min.js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
8bee0c0a644f770a5f6a026b802215961a4ce8b027717033d90e56aeeb64bc09
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

Content-Encoding
gzip
ETag
"66d1b7ad-13517b"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/javascript
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
1266043
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
sha.js
generali.insillion.com/res/js/ 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/js/sha.js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
5dc385324511a1129b7754fcacf506d3ceb1c07cd7b252dd78d132ba937ac351
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

Content-Encoding
gzip
ETag
W/"66d1b7ad-4451"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/javascript
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
sameorigin, deny
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
in.js
generali.insillion.com/res/js/ 		232 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/js/in.js
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
9163d8f9164f29796becf9bd4080cd689d08d9b0e2a98ec76132edd4ba8304d1
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

Content-Encoding
gzip
ETag
W/"66e809e1-39fcc"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
application/javascript
Last-Modified
Mon, 16 Sep 2024 10:35:13 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
sameorigin, deny
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
logo.png
generali.insillion.com/res/img/custom/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://generali.insillion.com/res/img/custom/logo.png
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
0625be92fdce28dab7c6da2fcdb70ff5b95198b1aa0364c90577aac14dde9c27
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-357e"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
image/png
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
13694
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
facebook.png
generali.insillion.com/res/img/others/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://generali.insillion.com/res/img/others/facebook.png
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
c8a328c23f25cd7aa5364204ffb80ff19efdbdd9e4772a51e2c7d28d4e3121a3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-1af6"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
image/png
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
6902
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
google.png
generali.insillion.com/res/img/others/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://generali.insillion.com/res/img/others/google.png
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
c9124989ddb6a4c54ac930450171639ba9526c8f7ed9d2fdc548345fb3401d67
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-90c"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
image/png
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
2316
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
github.png
generali.insillion.com/res/img/others/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://generali.insillion.com/res/img/others/github.png
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
a59ed1e750a07e604425e77aa3b5e57e55f76b7fd914675cbf67922abae8dbc7
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-ac5"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
image/png
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
2757
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
fontawesome-webfont.woff2
generali.insillion.com/res/fonts/ 		75 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/insall-1.24.2-rc.16.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://generali.insillion.com
Referer
https://generali.insillion.com/res/insall.min.css

Response headers

ETag
"66d1b7ad-12d68"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:17 GMT
Content-Type
font/woff2
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
77160
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
login-background3.jpg
generali.insillion.com/res/img/custom/ 		85 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://generali.insillion.com/res/img/custom/login-background3.jpg
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/login.html?x=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
158d59bf887a15cae98cdbaf56f42730d185aa33683238950f4b908389e5b505
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-1528a"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:18 GMT
Content-Type
image/jpeg
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
86666
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
Montserrat-Regular.ttf
generali.insillion.com/res/fonts/ 		257 KB
164 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/fonts/Montserrat-Regular.ttf
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/css/in.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
81ebc3916b524007b756d91d9df13c7673ec401161f2cad161662d08dcf1cc72
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://generali.insillion.com
Referer
https://generali.insillion.com/res/css/in.css

Response headers

ETag
"66d1b7ad-40418"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:18 GMT
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Content-Type
font/ttf
X-Frame-Options
sameorigin, deny
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
263192
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
Montserrat-SemiBold.ttf
generali.insillion.com/res/fonts/ 		255 KB
256 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/res/fonts/Montserrat-SemiBold.ttf
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/css/in.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
bab583d38d105dac9141b287fb2b7763b6d8b0bae97e745faaccedb40a579c29
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://generali.insillion.com
Referer
https://generali.insillion.com/res/css/in.css

Response headers

ETag
"66d1b7ad-3fb48"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:18 GMT
Content-Type
font/ttf
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
260936
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
version
generali.insillion.com/api/v1/auth/ 		12 B
1016 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/api/v1/auth/version
Requested by
Host: generali.insillion.com
URL: https://generali.insillion.com/res/insall.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
97030416a5d3bfd52a6015da37ecc9f64372c727c17ae8c3d70c29da883fbff5
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://generali.insillion.com/login.html?x=1&
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*

Response headers

Access-Control-Max-Age
86400
Access-Control-Expose-Headers
Date
ETag
W/"c-kkQPL5m/+ZmJjcts69P7EHiIQ3k"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:18 GMT
Content-Type
text/plain; charset=utf-8
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=5184000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'
Connection
keep-alive
Access-Control-Allow-Credentials
true
Referrer-Policy
same-origin
Content-Length
12
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx
x-content-type
text/plain
favicon.ico
generali.insillion.com/ 		3 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://generali.insillion.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.225.69.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-69-191.compute-1.amazonaws.com
Software
nginx / Insillion
Resource Hash
f992e92ad1611af116f010c74b38b3d76abbc22d032c6d97f2ed9d236cc2b53c
Security Headers
Name Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://generali.insillion.com/login.html?x=1&

Response headers

ETag
"66d1b7ad-cbe"
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
X-Content-Type-Options
nosniff
Date
Sat, 05 Oct 2024 11:59:18 GMT
Content-Type
image/vnd.microsoft.icon
Last-Modified
Fri, 30 Aug 2024 12:14:37 GMT
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Cache-Control, Accept, in-auth-token
X-Frame-Options
sameorigin, deny
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Connection
keep-alive
Referrer-Policy
same-origin
Accept-Ranges
bytes
Content-Length
3262
X-XSS-Protection
1; mode=block
X-Powered-By
Insillion
Server
nginx

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| spajs object| SSF function| make_ssf function| $ function| jQuery function| moment function| Navigo function| _ function| Vue object| __core-js_shared__ object| VueSelect function| setImmediate function| clearImmediate function| JSZip function| saveAs object| pdfMake function| createPdf function| DataTable function| SearchIndex function| Bloodhound object| d3 function| jsSHA object| routes function| _vlog function| showErrorPopup function| navigo_loader function| initNavigo function| init_security function| str2ab function| getSpkiDer function| _base64 function| __encode_aes_key function| __encrypt_url function| __encrypt_pdata function| __decrypt_response function| navigo_import_wf_js function| navigo_load_js function| navigo_add_css_to_head function| moduleLoaderSeq function| localDate function| localTime function| localTimeNow function| animElement function| animParentElement function| startAction function| endAction function| qs function| cookie function| secure function| setInsToken function| logout function| loadAuth function| authenticate function| xhttp function| xget function| xpost function| xput function| xupld function| xdel function| makeElementVisible object| regExValidators function| in_validator function| niceNum function| axisTicks function| mergeObjects function| cssHeight function| cssWidth function| trySize function| fillTextToElementWidth function| itoast function| itoast_green function| inotify function| urlBase64ToUint8Array function| trtv function| ias object| insmixin object| antiClickjack function| a2hex function| writeUInt32BE function| sha512Hmac function| pbkdf2 string| _src object| app function| md5

0 Cookies

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://generali.insillion.com/login.html?x=1&
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'self' blob: data: https:; connect-src * 'self' blob: data: https:; img-src * 'self' data: https:; style-src * 'unsafe-inline'; script-src generali.insillion.com 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin deny
X-Xss-Protection 1; mode=block