cartaocarrefour.servicesdigital.com.br Open in urlscan Pro
34.110.219.242  Public Scan

Submitted URL: https://cartaocarrefour.servicesdigital.com.br/
Effective URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Submission: On July 29 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 34.110.219.242, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is cartaocarrefour.servicesdigital.com.br.
TLS certificate: Issued by WR3 on July 28th 2024. Valid for: 3 months.
This is the only time cartaocarrefour.servicesdigital.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 14 34.110.219.242 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2600:1408:c40... 20940 (AKAMAI-ASN1)
2 104.17.25.14 13335 (CLOUDFLAR...)
1 34.149.205.197 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
21 7
Apex Domain
Subdomains
Transfer
14 servicesdigital.com.br
cartaocarrefour.servicesdigital.com.br
169 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
84 KB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 1178
p.typekit.net — Cisco Umbrella Rank: 1499
1 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
269 B
1 google.com
analytics.google.com — Cisco Umbrella Rank: 238
1 fenixdigital.services
cdn.fenixdigital.services
8 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
102 KB
21 7
Domain Requested by
14 cartaocarrefour.servicesdigital.com.br 1 redirects cartaocarrefour.servicesdigital.com.br
2 cdnjs.cloudflare.com cartaocarrefour.servicesdigital.com.br
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 p.typekit.net use.typekit.net
1 cdn.fenixdigital.services cartaocarrefour.servicesdigital.com.br
1 use.typekit.net cartaocarrefour.servicesdigital.com.br
1 www.googletagmanager.com cartaocarrefour.servicesdigital.com.br
21 8

This site contains no links.

Subject Issuer Validity Valid
cartaocarrefour.servicesdigital.com.br
WR3
2024-07-28 -
2024-10-26
3 months crt.sh
*.google-analytics.com
WR2
2024-07-01 -
2024-09-23
3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-01 -
2025-03-03
a year crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
*.fenixdigital.services
GoGetSSL RSA DV CA
2023-10-25 -
2024-10-25
a year crt.sh
*.google.com
WR2
2024-07-01 -
2024-09-23
3 months crt.sh
*.g.doubleclick.net
WR2
2024-07-01 -
2024-09-23
3 months crt.sh

This page contains 1 frames:

Primary Page: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Frame ID: 2B3C8C44EB93D681195DCAA30CCC4929
Requests: 21 HTTP requests in this frame

Screenshot

Page Title

Acesso Restrito | Services Digital

Page URL History Show full URLs

  1. https://cartaocarrefour.servicesdigital.com.br/ HTTP 302
    https://cartaocarrefour.servicesdigital.com.br/restrict-access Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

21
Requests

100 %
HTTPS

57 %
IPv6

7
Domains

8
Subdomains

7
IPs

2
Countries

363 kB
Transfer

960 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cartaocarrefour.servicesdigital.com.br/ HTTP 302
    https://cartaocarrefour.servicesdigital.com.br/restrict-access Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request restrict-access
cartaocarrefour.servicesdigital.com.br/
Redirect Chain
  • https://cartaocarrefour.servicesdigital.com.br/
  • https://cartaocarrefour.servicesdigital.com.br/restrict-access
11 KB
4 KB
Document
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
9b4f739d9f5feeeca407cfde43413f86c9b121182ee24abac5b3c49c85c4c40a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
POST,GET
access-control-allow-origin
https://cartaocarrefour.servicesdigital.com.br
allow
GET, POST, PUT, DELETE, HEAD
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
4016
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
content-type
text/html; charset=utf8
date
Mon, 29 Jul 2024 07:56:39 GMT
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
expires
Tue, 29 Jul 2025 03:00:00 GMT
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
same-origin
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 google
x-cloud-trace-context
8c95bad40c64f2ff0451e11a93fb7d4f
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

allow
GET, POST, PUT, DELETE, HEAD
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-length
259
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
content-type
text/html; charset=UTF-8
date
Mon, 29 Jul 2024 07:56:39 GMT
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
location
https://cartaocarrefour.servicesdigital.com.br/restrict-access
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/
306 KB
102 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VXS7NX076P
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a8f1aed5b6570b88b02ed5a5386e31f015ab5455e4e9f9632158eb3a1e0dd4bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
103571
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 29 Jul 2024 07:56:40 GMT
jby1ido.css
use.typekit.net/
3 KB
904 B
Stylesheet
General
Full URL
https://use.typekit.net/jby1ido.css
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:29::17da:da44 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
e8ea6292077a6692aa2dd34bcb06c5ba344d02c907d2ea32828d2eea9f1a1dc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 29 Jul 2024 07:56:40 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
681
estilomobile-v1.css
cartaocarrefour.servicesdigital.com.br/css/
36 KB
9 KB
Stylesheet
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/css/estilomobile-v1.css
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
ddbb1deb4d77c02fc72ba2e5f2871de9961d30b9882c9e31584113498d54aca3
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8686
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"9077-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
77c238e45b4aeae71a3332b6b10d0e81
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
estilopc-v1.css
cartaocarrefour.servicesdigital.com.br/css/
17 KB
3 KB
Stylesheet
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/css/estilopc-v1.css
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
ea214a9cff65f25860a244d930ea7bceb9ccaf79992acce0ecd4a6a76c6c0e6c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3367
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"42bb-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
8db01b3d21e439e81bdf451652bde3da
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
privacity.css
cartaocarrefour.servicesdigital.com.br/css/
3 KB
950 B
Stylesheet
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/css/privacity.css
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
31706dc365383ec22164b515330fbd04276d88ea58ecf8ce7bb17fa315647c64
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
918
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"dca-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
66478a007dc86262b23c2a4977c3388d
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
jquery.js
cartaocarrefour.servicesdigital.com.br/js/
104 KB
32 KB
Script
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/js/jquery.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
490a1210a7b0ff4fe866481af2cd8c472715bb30056623386fdcbd07f001db2e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32762
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"19f1a-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
c7c8616f0737d636682302f0cc313736
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
jquery.mask.js
cartaocarrefour.servicesdigital.com.br/js/
22 KB
6 KB
Script
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/js/jquery.mask.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
d2f934fda32ffb480a9e281d4986c60dcd3657d761b294f83d82a7782326cec8
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5806
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"5928-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
224cde7b209d7380447295e25f59b9ca
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
main-v1.js
cartaocarrefour.servicesdigital.com.br/js/
4 KB
1 KB
Script
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/js/main-v1.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
59816a39375d5b3580927ac6cbcda22b6a773bdbaf3e49f68b48488c74c0ea69
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1069
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"1028-61d9ee0cf8a80-gzip"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
allow
GET, POST, PUT, DELETE, HEAD
x-cloud-trace-context
457a10d47005c4c228b2aebc9155c8cd
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
11316545
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqWabHcmvArRBYL3jJNEbJtSNcqzs2SsKOimOjoVJkyyD8TOLzn1vyaKmbtAc0Aa8GXYues4xcczPlmYnizmlmbj5a3XyAgEv6GzECE55Wmhoy0wNt7I6B4b%2BGSvfDQcb3m54gCS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8aab8dc25d6f6429-SJC
expires
Sat, 19 Jul 2025 07:56:40 GMT
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/
248 KB
56 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1377980
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57137
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-3dee5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2dYMc16tanTuTvFAeLKFCQN4eW%2FMwp%2BSWR2nN74Vug%2BjxDfNpFdG%2FRydDJyI8sS1CeFbP3Sh9%2B6%2FKIpJJBi53ZAUZq%2BcdhU8hvCsqNvH3QHcenQ17bNLlH%2BIWk6eHhb3CnxB0abX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8aab8dc25d706429-SJC
expires
Sat, 19 Jul 2025 07:56:40 GMT
fenix-client-sdk-1.3.0.min.js
cdn.fenixdigital.services/client/sdk/
7 KB
8 KB
Script
General
Full URL
https://cdn.fenixdigital.services/client/sdk/fenix-client-sdk-1.3.0.min.js
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.205.197 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
197.205.149.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
869163e2ad62304c797c5eae130eb0667febc9ce61fac5c342fb82d64e9935b8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN always
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:37:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
age
1161
x-guploader-uploadid
AHxI1nM2jfbImAakC9iH3z2A6fnTW1KB8U7MhivdS-WIjUlfCN0gbZz6HdPSHWCIFhuuv05_qPvo9SR-6g
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7629
x-xss-protection
1; mode=block
last-modified
Tue, 03 Oct 2023 19:44:57 GMT
server
UploadServer
etag
"85ab633da2807f4d28296c677b83b2df"
x-frame-options
SAMEORIGIN always
x-goog-generation
1696362297761354
x-goog-hash
crc32c=v4zgAA==, md5=hatjPaKAf00oKWxne4Oy3w==
content-type
text/javascript
cache-control
public,max-age=3600
x-goog-stored-content-length
7629
accept-ranges
bytes
icon-error.svg
cartaocarrefour.servicesdigital.com.br/img/
1013 B
1 KB
Image
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/img/icon-error.svg
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
4e4514ee0b28157daf7e75ecf5350266d1a567c25a467d227fa20b0a1cf4d897
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1013
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"3f5-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
image/svg+xml
x-cloud-trace-context
3829bf53f6d4d26f04b6973203d6f17a
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
icon-back.svg
cartaocarrefour.servicesdigital.com.br/img/
747 B
777 B
Image
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/img/icon-back.svg
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
cc2557dd9c32a5aca166c66ebde04a3812b4890a1814e210f9ae8f15a6a7197f
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
747
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"2eb-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
image/svg+xml
x-cloud-trace-context
88c44886437df154539c9106801b183c
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
logo_carrefour.svg
cartaocarrefour.servicesdigital.com.br/img/
13 KB
13 KB
Image
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/img/logo_carrefour.svg
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/restrict-access
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
00dff9682c37bca691cc7650f3f031323ea5abd9d280561740c9419e45046a9a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13034
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"32ea-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
image/svg+xml
x-cloud-trace-context
7458cec89dfe73c5d8aedd9ab46ca2ed
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=jby1ido&ht=tk&f=139.173.175&a=18194819&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/jby1ido.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:29::17da:da44 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
last-modified
Sun, 02 Jun 2024 13:17:35 GMT
server
nginx
etag
"665c70ef-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-VXS7NX076P&gtm=45je47o0v9102014027za200&_p=1722239799705&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250753&cid=1645181460.1722239800&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722239800&sct=1&seg=0&dl=https%3A%2F%2Fcartaocarrefour.servicesdigital.com.br%2Frestrict-access&dt=Acesso%20Restrito%20%7C%20Services%20Digital&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1553
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VXS7NX076P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::71 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jul 2024 07:56:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cartaocarrefour.servicesdigital.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
269 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VXS7NX076P&cid=1645181460.1722239800&gtm=45je47o0v9102014027za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VXS7NX076P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jul 2024 07:56:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cartaocarrefour.servicesdigital.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
proximanova-regular.otf
cartaocarrefour.servicesdigital.com.br/fonts/
97 KB
97 KB
Font
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/fonts/proximanova-regular.otf
Requested by
Host: cartaocarrefour.servicesdigital.com.br
URL: https://cartaocarrefour.servicesdigital.com.br/css/estilomobile-v1.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
451c2d5af11dc352cbfa0216eb68e31560eaf4b6be2e54e9f2bfce21dad3295f
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/css/estilomobile-v1.css
Origin
https://cartaocarrefour.servicesdigital.com.br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:40 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98816
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"18200-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
font/otf
x-cloud-trace-context
3551558250736a5c57f66685505f0fb8
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
favicon.png
cartaocarrefour.servicesdigital.com.br/img/
618 B
648 B
Other
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/img/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
5fa4235d57d72a555c9fe4acdbb9feede3d22213ce21582b5a2b859600acfdb9
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:41 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
618
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"26a-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
image/png
x-cloud-trace-context
0c3aca6f2f4851d9b99495ba1b43b180
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
favicon.png
cartaocarrefour.servicesdigital.com.br/img/
618 B
648 B
Other
General
Full URL
https://cartaocarrefour.servicesdigital.com.br/img/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.219.242 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.219.110.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
5fa4235d57d72a555c9fe4acdbb9feede3d22213ce21582b5a2b859600acfdb9
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartaocarrefour.servicesdigital.com.br/restrict-access
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 07:56:41 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
618
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Jul 2024 19:41:14 GMT
server
Google Frontend
etag
"26a-61d9ee0cf8a80"
expect-ct
enforce, max-age=7776000, report-uri="https://cartaocarrefour.servicesdigital.com.br/"
x-frame-options
SAMEORIGIN
allow
GET, POST, PUT, DELETE, HEAD
content-type
image/png
x-cloud-trace-context
71435575abb9036b03575da7871fb524
cache-control
no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer function| gtag object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| $ function| jQuery function| receiveFileName function| receiveVoucherName function| testaCPF function| isEmail function| validMessage

3 Cookies

Domain/Path Name / Value
cartaocarrefour.servicesdigital.com.br/ Name: PHPSESSID
Value: 53dbac503d023dfa63618f945248e5f6
.servicesdigital.com.br/ Name: _ga
Value: GA1.1.1645181460.1722239800
.servicesdigital.com.br/ Name: _ga_VXS7NX076P
Value: GS1.1.1722239800.1.0.1722239800.60.0.0

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, camera, geolocation, gyroscope, magnetometer, microphone, payment, usb. Values defined in Permissions-Policy header will be used.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.gstatic.com/recaptcha https://www.google.com/recaptcha; connect-src https: wss:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
cartaocarrefour.servicesdigital.com.br
cdn.fenixdigital.services
cdnjs.cloudflare.com
p.typekit.net
stats.g.doubleclick.net
use.typekit.net
www.googletagmanager.com
104.17.25.14
2600:1408:c400:29::17da:da44
2607:f8b0:4004:c07::71
2607:f8b0:4004:c08::61
2607:f8b0:4004:c1d::9d
34.110.219.242
34.149.205.197
00dff9682c37bca691cc7650f3f031323ea5abd9d280561740c9419e45046a9a
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
31706dc365383ec22164b515330fbd04276d88ea58ecf8ce7bb17fa315647c64
451c2d5af11dc352cbfa0216eb68e31560eaf4b6be2e54e9f2bfce21dad3295f
490a1210a7b0ff4fe866481af2cd8c472715bb30056623386fdcbd07f001db2e
4e4514ee0b28157daf7e75ecf5350266d1a567c25a467d227fa20b0a1cf4d897
59816a39375d5b3580927ac6cbcda22b6a773bdbaf3e49f68b48488c74c0ea69
5fa4235d57d72a555c9fe4acdbb9feede3d22213ce21582b5a2b859600acfdb9
869163e2ad62304c797c5eae130eb0667febc9ce61fac5c342fb82d64e9935b8
9b4f739d9f5feeeca407cfde43413f86c9b121182ee24abac5b3c49c85c4c40a
a8f1aed5b6570b88b02ed5a5386e31f015ab5455e4e9f9632158eb3a1e0dd4bd
cc2557dd9c32a5aca166c66ebde04a3812b4890a1814e210f9ae8f15a6a7197f
d2f934fda32ffb480a9e281d4986c60dcd3657d761b294f83d82a7782326cec8
ddbb1deb4d77c02fc72ba2e5f2871de9961d30b9882c9e31584113498d54aca3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8ea6292077a6692aa2dd34bcb06c5ba344d02c907d2ea32828d2eea9f1a1dc0
ea214a9cff65f25860a244d930ea7bceb9ccaf79992acce0ecd4a6a76c6c0e6c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e