urlscan.io logo urlscan.io
SecurityTrails logo

app.giftbit.com Open in urlscan Pro
2606:4700:10::ac43:1b2e  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.giftbit.com/
Effective URL: https://app.giftbit.com/app/
Submission: On April 18 via manual from HK — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 27 HTTP transactions. The main IP is 2606:4700:10::ac43:1b2e, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.giftbit.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 26th 2022. Valid for: a year.
This is the only time app.giftbit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 16 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2600:1f18:24e... 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
2 35.201.112.186 396982 (GOOGLE-CL...)
1 34.120.195.249 396982 (GOOGLE-CL...)
1 35.186.194.58 15169 (GOOGLE)
1 13.224.189.74 16509 (AMAZON-02)
2 18.66.147.49 16509 (AMAZON-02)
27 9
16    2606:4700:10::ac43:1b2e (United States)

ASN13335 (CLOUDFLARENET, US)
app.giftbit.com
2    2600:1f18:24e6:b901:8fc4:3d00:af0f:3ce0 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
csp-report.browser-intake-datadoghq.com
1    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o511518.ingest.sentry.io
1    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
1    13.224.189.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-74.fra2.r.cloudfront.net
widget.intercom.io
2    18.66.147.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-49.fra60.r.cloudfront.net
js.intercomcdn.com
Apex Domain
Subdomains		 Transfer
16 giftbit.com
app.giftbit.com
809 KB
3 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 3131
rs.fullstory.com — Cisco Umbrella Rank: 3007
69 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 5316
206 KB
2 browser-intake-datadoghq.com
csp-report.browser-intake-datadoghq.com — Cisco Umbrella Rank: 109131
1 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 3763
4 KB
1 sentry.io
o511518.ingest.sentry.io
301 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
45 KB
27 7
Domain Requested by
16 app.giftbit.com 2 redirects app.giftbit.com
2 js.intercomcdn.com widget.intercom.io
2 edge.fullstory.com app.giftbit.com
2 csp-report.browser-intake-datadoghq.com app.giftbit.com
1 widget.intercom.io app.giftbit.com
1 rs.fullstory.com app.giftbit.com
1 o511518.ingest.sentry.io app.giftbit.com
1 www.googletagmanager.com app.giftbit.com
27 8

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-26 -
2023-05-26		 a year crt.sh
*.browser-intake-datadoghq.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-21 -
2023-07-22		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-03-28 -
2023-06-20		 3 months crt.sh
edge.fullstory.com
GTS CA 1D4		 2023-03-31 -
2023-06-30		 3 months crt.sh
*.ingest.sentry.io
R3		 2023-04-17 -
2023-07-16		 3 months crt.sh
rs.fullstory.com
GTS CA 1D4		 2023-03-23 -
2023-06-21		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M02		 2023-02-14 -
2024-03-14		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M01		 2023-02-21 -
2024-01-29		 a year crt.sh

This page contains 5 frames:

Primary Page: https://app.giftbit.com/app/
Frame ID: 68390D4CC611A0BEA5957441F491FB2F
Requests: 21 HTTP requests in this frame

Frame: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Frame ID: 93115F2663C69AA1473737ECC9B2EFE3
Requests: 1 HTTP requests in this frame

Frame: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Frame ID: EC3922B96C0D493D7CF0E01B1E2E1925
Requests: 1 HTTP requests in this frame

Frame: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Frame ID: 9E3FBC030EA5901365C38C75C738A3D6
Requests: 1 HTTP requests in this frame

Frame: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Frame ID: E7778C05FC58D2E2BA95EB846E3E761B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Giftbit - Login

Page URL History Show full URLs

  1. http://app.giftbit.com/ HTTP 301
    https://app.giftbit.com/ HTTP 302
    https://app.giftbit.com/app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

27
Requests

89 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

9
IPs

2
Countries

1127 kB
Transfer

3498 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.giftbit.com/ HTTP 301
    https://app.giftbit.com/ HTTP 302
    https://app.giftbit.com/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.giftbit.com/app/
Redirect Chain
  • http://app.giftbit.com/
  • https://app.giftbit.com/
  • https://app.giftbit.com/app/
4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a6061d3888ba98e6886c453a20163eb76253c4ed609538477b27b1b0fb56f64
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
7b9ab774ac273a8b-FRA
content-encoding
gzip
content-language
de-DE
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
content-type
text/html;charset=UTF-8
date
Tue, 18 Apr 2023 06:05:32 GMT
expect-ct
max-age=86400, enforce
p3p
CP="Giftbit"
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
FFpcgBT6rmC7XTmME3orHuWbH1ylkpuO_-iiR85SaVjMvV4AHDONgw==
x-amz-cf-pop
EWR53-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache="set-cookie"
cf-cache-status
DYNAMIC
cf-ray
7b9ab77148e43a8b-FRA
content-length
0
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
date
Tue, 18 Apr 2023 06:05:32 GMT
expect-ct
max-age=86400, enforce
location
https://app.giftbit.com/app/
p3p
CP="Giftbit"
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
x-amz-cf-id
oXchJYqyxgi4EcmoH0pDBsSDbQbQHuZ2JXvPxSPFidb172g8U0GLfQ==
x-amz-cf-pop
EWR53-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
app.giftbit.com/assets/ 		1 MB
400 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98f8c050e75e396ae21205837c3f9661f1b2d94dc8ef89be6c124baa72fb910
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:33 GMT
content-encoding
gzip
via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
407150
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:56 GMT
server
cloudflare
etag
"coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7770e783a8b-FRA
x-amz-cf-id
Q1HO59koMDalkW378wQHRcLSLMjvYgkNx5Hltuh--6W2cA0tndcYRw==
appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
app.giftbit.com/assets/ 		53 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bf97eb12183874007f61ffccdd5606e00a788925d06072e4ed15d2bf13edabc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:33 GMT
content-encoding
gzip
via
1.1 45abe1833dce03139cbfcdfadefbc17a.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
EWR53-P1
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
10089
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:56 GMT
server
cloudflare
etag
"appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7770e793a8b-FRA
x-amz-cf-id
85VlRl7kcRAYR1Jbr9TuoZwwSr4QYJppwzcwzSp7mZrgPuAdw_I7gg==
webapp-d6fefc5bacb2f64e7d9fc4d3843fb03a.css
app.giftbit.com/assets/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/webapp-d6fefc5bacb2f64e7d9fc4d3843fb03a.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5dd2613f8f7dbbdb6120801de1c08b3d1bc5e4b1d1c7a8bcf99d8faca15ccf7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:33 GMT
content-encoding
gzip
via
1.1 957a0e737a088bdc07cb5cc9dcc9e826.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
EWR53-P1
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
3145
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:56 GMT
server
cloudflare
etag
"webapp-d6fefc5bacb2f64e7d9fc4d3843fb03a.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7770e7a3a8b-FRA
x-amz-cf-id
6nzDrKAZ6eT7tY4xq1QuH_AtBLTHxpLCFcEioVi6Ch7AzYRH065x9Q==
webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
app.giftbit.com/assets/ 		234 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe388c53fc930e4747aacc08bca9273b4700af1a52e27b02f24a941d881dd261
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:33 GMT
content-encoding
gzip
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
50651
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:50 GMT
server
cloudflare
etag
"webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7770e7c3a8b-FRA
x-amz-cf-id
5wtlfN8v4YXtfKc8ssHRKjrjaVf_EFrkmyXR_HJwAoZdr-4bfnw8ug==
logs
csp-report.browser-intake-datadoghq.com/api/v2/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:8fc4:3d00:af0f:3ce0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://app.giftbit.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers
gtm.js
www.googletagmanager.com/ 		119 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WJBCHRZ
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f69043b2361b6d51d67a8b59ed107e665ca499b8d34a5ce57c572b853280fc45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
45642
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 18 Apr 2023 06:05:33 GMT
fs.js
edge.fullstory.com/s/ 		245 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0d28752a236cc8c5b7d31203acba05532fa226d5621a2f36559955624d6df08c

Request headers

Referer
https://app.giftbit.com/
Origin
https://app.giftbit.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 05:39:13 GMT
content-encoding
br
age
1581
x-guploader-uploadid
ADPycduPYNeRxcGqrYHqjIw8d-84RhwTAO9sFcNAtG-IJGDx2wbB8oMKKVBSmAIDYd07pyayZ7gpAJE1jn-MDY18zUyU7Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67265
last-modified
Wed, 12 Apr 2023 16:14:16 GMT
server
UploadServer
etag
"12079f08bea21f160ca85167932365d0"
vary
Accept-Encoding
x-goog-generation
1681316056047714
x-goog-hash
crc32c=23gfpg==, md5=EgefCL6iHxYMqFFnkyNl0A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
67265
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 18 Apr 2023 06:39:13 GMT
logs
csp-report.browser-intake-datadoghq.com/api/v2/ Frame 9311 		0
0
logs
csp-report.browser-intake-datadoghq.com/api/v2/ Frame EC39 		0
0
/
o511518.ingest.sentry.io/api/5736982/envelope/ 		2 B
301 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o511518.ingest.sentry.io/api/5736982/envelope/?sentry_key=1a18050297014396adba8e45d52fc8ea&sentry_version=7&sentry_client=sentry.javascript.react%2F7.31.1
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.giftbit.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
getIntercomInformationCall
app.giftbit.com/intercom/ 		20 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/intercom/getIntercomInformationCall?dateTag=1681797934169
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3e450dcf650c1f9d8f1fe6609bfd1bf080eec348509d21d116f35ebccf18503
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.giftbit.com/app/auth/login
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
X-KIIND-AJAX
true, true
Content-Type
application/json, application/json

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-amz-cf-pop
EWR53-P1
x-content-type-options
nosniff
x-cache
Miss from cloudfront
p3p
CP="Giftbit"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
expect-ct
max-age=86400, enforce
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
cf-ray
7b9ab78098d43a8b-FRA
x-amz-cf-id
_MEUP1q0xgnCTZvHvDT7FPM482FKW8jg-iE534aaUsxyeKL1_RB41g==
9947-003d576cdd1ea1f84fe5.js
app.giftbit.com/assets/js/chunks/ 		27 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/js/chunks/9947-003d576cdd1ea1f84fe5.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c326fc0bf1079c9b11f0a4faaa63ee8a107d8e51b08f0012c8d748b8ea974238
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
via
1.1 35c803afef083002d824403342d4c62e.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
EWR53-P1
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
10124
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:52 GMT
server
cloudflare
etag
"js/chunks/9947-003d576cdd1ea1f84fe5-49476adb6268c58e90dbfb08cb394082.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab78098e13a8b-FRA
x-amz-cf-id
I7rBY3IjduM9ucIOMsZOiWWGiOjpNp7VzFPLJuMbFzCRCQIe4Bmt7Q==
7550-5cf3f610fa3b36c81ad0.js
app.giftbit.com/assets/js/chunks/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/js/chunks/7550-5cf3f610fa3b36c81ad0.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afcde8424de4088f577db978caf743a1e32c11b7e849f203d53465410500d93a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
2770
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:52 GMT
server
cloudflare
etag
"js/chunks/7550-5cf3f610fa3b36c81ad0-38b7866bb3eb0e2e53bf30c68f2fbaea.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab78098e23a8b-FRA
x-amz-cf-id
NAWN1v-6YG1sTXZQAbZPqbRSl3asA-lz35jcOpNKyLWyEgt2YgO2iQ==
2740-4f986320fba6ef1ddf9e.css
app.giftbit.com/assets/js/chunks/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/js/chunks/2740-4f986320fba6ef1ddf9e.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75d313fb40527164fc31668ef63f24aab6535ebab026135bf4f36e3b4b01bab2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
722
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:52 GMT
server
cloudflare
etag
"js/chunks/2740-4f986320fba6ef1ddf9e-6b8237a467c5a7a86342b68a2d626e5e.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab780a8e43a8b-FRA
x-amz-cf-id
WIJ50fDjnxRhcNShwzXPLWAHRwJXS1JL4GJRxh-5oiPdsFrCdMqvkw==
2740-4f986320fba6ef1ddf9e.js
app.giftbit.com/assets/js/chunks/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/js/chunks/2740-4f986320fba6ef1ddf9e.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/webapp-fb3d8b1a043cd0eb24ba19b1d9349239.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fe79e473edc4b2980009e789d37f828f2dd864bae9e6746385cd359f61971c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
via
1.1 957a0e737a088bdc07cb5cc9dcc9e826.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
EWR53-P1
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
4402
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:52 GMT
server
cloudflare
etag
"js/chunks/2740-4f986320fba6ef1ddf9e-06ceb71811332ccf7619f030ec660a86.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab780a8e53a8b-FRA
x-amz-cf-id
_dzoqOuEAYDp9Cl1pvjTTNEk7DGR8JHC7QaITPy_SPyjTJGR9ot2uw==
pptelegraf-regular.otf
app.giftbit.com/assets/fonts/pptelegraf/ 		45 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/fonts/pptelegraf/pptelegraf-regular.otf
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62694e6c2d2f33d8a8eadb8cd20888131da9789f53d7a816b3351df8bfe9e333
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Origin
https://app.giftbit.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
via
1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
29713
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:54:00 GMT
server
cloudflare
etag
"fonts/pptelegraf/pptelegraf-regular-430c2db77eaf4401ecdc2532f2a01508.otf"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
font/otf
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab780b8f73a8b-FRA
x-amz-cf-id
BUsHC3ABlWdgDNIdC8Jfs28jYQ7Lkv-u6KtoV_rCoaMxg0tvrR8eGA==
logs
csp-report.browser-intake-datadoghq.com/api/v2/ Frame 9E3F 		0
0
web
edge.fullstory.com/s/settings/o-1B7V37-na1/v1/ 		7 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/o-1B7V37-na1/v1/web
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5a970ae44fc4398974349614303b8e95a7df18586b73a6317f921fb59c37b2ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ADPycduUa1135v1Do0TsPxKFNXgW1D96mWFDgkYanmlKbcMANfgAxur7cjkRbjLQHzzL7rl359EAccPFFhqZaTmtWOf0tg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1849
last-modified
Tue, 18 Apr 2023 06:03:24 GMT
server
UploadServer
etag
"454c3ce5e2d70605567ed3f54fa4f15a"
x-goog-generation
1681719804464755
x-goog-hash
crc32c=lLJBBA==, md5=RUw85eLXBgVWftP1T6TxWg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1849
accept-ranges
bytes
content-type
application/json
expires
Tue, 18 Apr 2023 06:20:34 GMT
page
rs.fullstory.com/rec/ 		83 B
290 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
c04ec0a90e5ded6ccde519985a51d2d18aef1b84da0faabfd78e3f3292ab0916
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://app.giftbit.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 18 Apr 2023 06:05:34 GMT
via
1.1 google
x-content-type-options
nosniff
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://app.giftbit.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83
pptelegraf-bold.otf
app.giftbit.com/assets/fonts/pptelegraf/ 		47 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/fonts/pptelegraf/pptelegraf-bold.otf
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fa6629c63029c1990879661b5d3a0ff9904942e2f61cf22d2f562aa8c7a15f7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Origin
https://app.giftbit.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:35 GMT
content-encoding
gzip
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
31042
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:54:00 GMT
server
cloudflare
etag
"fonts/pptelegraf/pptelegraf-bold-fa955f0074f4f1523f93e2c66c3f638b.otf"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
font/otf
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7850d773a8b-FRA
x-amz-cf-id
wzl7BL99jVvti_5qcoFOQOgE6p1yBZC_-crM00z4hmAgiRBswT9BSw==
pptelegraf-semibold.otf
app.giftbit.com/assets/fonts/pptelegraf/ 		47 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/fonts/pptelegraf/pptelegraf-semibold.otf
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b283c89b9c59323f31a0c31e2b7150e008e938bc8a2d900815c73aa4ac4ab546
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.giftbit.com/assets/appLayoutModule-908c20ac5ab265106b7b6cf18878c927.css
Origin
https://app.giftbit.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:35 GMT
content-encoding
gzip
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA60-P3
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
31102
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:54:00 GMT
server
cloudflare
etag
"fonts/pptelegraf/pptelegraf-semibold-5bc94528bf49f69a947e6837b0a6a47e.otf"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
font/otf
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7850d7c3a8b-FRA
x-amz-cf-id
F3s4MxrZecwCoM4XSG6C51RIPpfIgOb6_shGgoBi3FsU2CinDpAt7w==
conveyor.svg
app.giftbit.com/assets/js/assets/images/images/giftbot/ 		548 KB
217 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.giftbit.com/assets/js/assets/images/images/giftbot/conveyor.svg
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/auth/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
970e2408a668ce87d153cdafc4379c5dd450b2e889c6d2f09a55b53ab4b89e0c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/app/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 06:05:35 GMT
content-encoding
gzip
via
1.1 4b6e1bc9480bffb0b8980e408fffa59e.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
EWR53-P1
content-security-policy
upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-cache
Miss from cloudfront
content-length
219375
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 06 Apr 2023 14:53:58 GMT
server
cloudflare
etag
"js/assets/images/images/giftbot/conveyor-ca14d29f24a5a959f37f53ec84af39dc.svg"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
7b9ab7852db53a8b-FRA
x-amz-cf-id
46g2A1VUnyhFk_14rym0wAxm7AuBXoufJesemPkavV8GjHjKfofhFg==
/
widget.intercom.io/widget/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/assets/coreReactModule-8f98cbe41df56e47ead2c094f7b64092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-74.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4e8eb89dd23ceece5f34dd810d20622b976a9f5a823a90c63ed175c009de432f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
vvOCI3LB1wMdM_AY0EMWyKiE_Tc7wH5V
content-encoding
gzip
via
1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
date
Tue, 18 Apr 2023 05:51:00 GMT
x-amz-cf-pop
FRA2-C1
age
962
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
3268
last-modified
Mon, 17 Apr 2023 16:26:43 GMT
server
AmazonS3
etag
"6dfc92d4aef499fe55b7d9ac6a3d6849"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=900, s-maxage=900, public
accept-ranges
bytes
x-amz-cf-id
fE5TIG70HOIZpib1BhppqaWTVavEg878qfBpWz3a7zt4VnOxt3ddvw==
logs
csp-report.browser-intake-datadoghq.com/api/v2/ Frame E777 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:8fc4:3d00:af0f:3ce0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers
frame-modern.30282a62.js
js.intercomcdn.com/ Frame E777 		503 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.30282a62.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-49.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
659107309197d2d285eed1b7478c699e280c204561659f743108f8247c12caf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
tFbwpl1fKopQzj2cwmZOmVvkLnSi2x4Y
content-encoding
gzip
via
1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
date
Tue, 18 Apr 2023 05:11:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
3239
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
135007
last-modified
Mon, 17 Apr 2023 16:24:16 GMT
server
AmazonS3
etag
"a35a557320503b36b15a960fd37a536b"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
oyBZqLFRYN76RCW46W-uRCz1HxXmEm0pmKXBLaQpGZX0QletpK2ZNQ==
vendor-modern.f8ed2212.js
js.intercomcdn.com/ Frame E777 		237 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.f8ed2212.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-49.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05b9f6778c130e94a36cb562772478993531cd4f10b3c24bfa367b639d7215d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
gTDBE5XqbA7aMHO9ee8M7_WxjH.dPjNK
content-encoding
gzip
via
1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
date
Tue, 18 Apr 2023 04:07:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
7082
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
74621
last-modified
Mon, 17 Apr 2023 10:04:28 GMT
server
AmazonS3
etag
"c13491833880c757c5f55d192ac003e9"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
xuTu9C3ucQTnC61KwKDcpAcsvG5DsBrjFC9v-wB97NXA4jGiyCbldg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
csp-report.browser-intake-datadoghq.com
URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Domain
csp-report.browser-intake-datadoghq.com
URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Domain
csp-report.browser-intake-datadoghq.com
URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| gtag object| dataLayer object| google_tag_manager object| google_tag_data object| process object| webpackChunkgiftbitReact object| __gb_embd object| SENTRY_RELEASE object| SENTRY_RELEASES function| _ object| __SENTRY__ object| reduxStore string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS boolean| _fs_initialized function| Intercom string| _fs_loaded function| _fs_shutdown function| __intercomAssignLocation function| __intercomReloadLocation

3 Cookies

Domain/Path Name / Value
app.giftbit.com/ Name: JSESSIONID
Value: 790AC2F502D0903549597D2643FBDD97
app.giftbit.com/ Name: AWSELB
Value: 05C149731E8342ADD97BF0294984575C7D4B203B5FBE19D66C74ADF2C651D478EDD3B2A1AD4A937BB7EA197F73AEEBE83613A0C192D65F3ED5962EED5D19F22C64B2AC77E7
app.giftbit.com/ Name: AWSELBCORS
Value: 05C149731E8342ADD97BF0294984575C7D4B203B5FBE19D66C74ADF2C651D478EDD3B2A1AD4A937BB7EA197F73AEEBE83613A0C192D65F3ED5962EED5D19F22C64B2AC77E7

10 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com ; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com ; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.giftbit.com
csp-report.browser-intake-datadoghq.com
edge.fullstory.com
js.intercomcdn.com
o511518.ingest.sentry.io
rs.fullstory.com
widget.intercom.io
www.googletagmanager.com
csp-report.browser-intake-datadoghq.com
13.224.189.74
18.66.147.49
2600:1f18:24e6:b901:8fc4:3d00:af0f:3ce0
2606:4700:10::ac43:1b2e
2a00:1450:4001:80e::2008
34.120.195.249
35.186.194.58
35.201.112.186
05b9f6778c130e94a36cb562772478993531cd4f10b3c24bfa367b639d7215d0
0d28752a236cc8c5b7d31203acba05532fa226d5621a2f36559955624d6df08c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4e8eb89dd23ceece5f34dd810d20622b976a9f5a823a90c63ed175c009de432f
4fe79e473edc4b2980009e789d37f828f2dd864bae9e6746385cd359f61971c7
5a6061d3888ba98e6886c453a20163eb76253c4ed609538477b27b1b0fb56f64
5a970ae44fc4398974349614303b8e95a7df18586b73a6317f921fb59c37b2ec
62694e6c2d2f33d8a8eadb8cd20888131da9789f53d7a816b3351df8bfe9e333
659107309197d2d285eed1b7478c699e280c204561659f743108f8247c12caf7
75d313fb40527164fc31668ef63f24aab6535ebab026135bf4f36e3b4b01bab2
8fa6629c63029c1990879661b5d3a0ff9904942e2f61cf22d2f562aa8c7a15f7
970e2408a668ce87d153cdafc4379c5dd450b2e889c6d2f09a55b53ab4b89e0c
9bf97eb12183874007f61ffccdd5606e00a788925d06072e4ed15d2bf13edabc
afcde8424de4088f577db978caf743a1e32c11b7e849f203d53465410500d93a
b283c89b9c59323f31a0c31e2b7150e008e938bc8a2d900815c73aa4ac4ab546
b5dd2613f8f7dbbdb6120801de1c08b3d1bc5e4b1d1c7a8bcf99d8faca15ccf7
c04ec0a90e5ded6ccde519985a51d2d18aef1b84da0faabfd78e3f3292ab0916
c326fc0bf1079c9b11f0a4faaa63ee8a107d8e51b08f0012c8d748b8ea974238
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3e450dcf650c1f9d8f1fe6609bfd1bf080eec348509d21d116f35ebccf18503
f69043b2361b6d51d67a8b59ed107e665ca499b8d34a5ce57c572b853280fc45
f98f8c050e75e396ae21205837c3f9661f1b2d94dc8ef89be6c124baa72fb910
fe388c53fc930e4747aacc08bca9273b4700af1a52e27b02f24a941d881dd261