urlscan.io logo urlscan.io
SecurityTrails logo

assure.plansante.com Open in urlscan Pro
2a01:c911:140::b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://affdemat.mutuellebleue.fr/
Effective URL: https://assure.plansante.com/assures/auth
Submission: On November 09 via automatic, source certstream-suspicious — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 5 countries across 7 domains to perform 43 HTTP transactions. The main IP is 2a01:c911:140::b, located in France and belongs to France Telecom - Orange, FR. The main domain is assure.plansante.com.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on September 4th 2023. Valid for: a year.
This is the only time assure.plansante.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 194.206.243.245 3215 (France Te...)
19 2a01:c911:140::b 3215 (France Te...)
1 90.85.55.198 3215 (France Te...)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 35.195.172.110 396982 (GOOGLE-CL...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 20.105.232.11 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
43 12
1    194.206.243.245 (Paris, France)

ASN3215 (France Telecom - Orange, FR)
affdemat.mutuellebleue.fr
19    2a01:c911:140::b (France)

ASN3215 (France Telecom - Orange, FR)
assure.plansante.com
1    90.85.55.198 (Bussy-Saint-Georges, France)

ASN3215 (France Telecom - Orange, FR)
assets.plansante.com
3    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    2a06:98c1:3120::9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.tolk.ai
1    35.195.172.110 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 110.172.195.35.bc.googleusercontent.com
bot-management-api.tolk.ai
4    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:829::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
storage.googleapis.com
2    20.105.232.11 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
directline.botframework.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Apex Domain
Subdomains		 Transfer
20 plansante.com
assure.plansante.com
assets.plansante.com
273 KB
8 gstatic.com
www.gstatic.com
fonts.gstatic.com
503 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
storage.googleapis.com — Cisco Umbrella Rank: 409
ajax.googleapis.com — Cisco Umbrella Rank: 364
41 KB
4 tolk.ai
script.tolk.ai — Cisco Umbrella Rank: 641249
bot-management-api.tolk.ai — Cisco Umbrella Rank: 781002
353 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 2
35 KB
2 botframework.com
directline.botframework.com — Cisco Umbrella Rank: 26390
2 KB
1 mutuellebleue.fr
affdemat.mutuellebleue.fr
2 KB
43 7
Domain Requested by
19 assure.plansante.com assure.plansante.com
4 fonts.gstatic.com www.google.com
fonts.googleapis.com
4 www.gstatic.com www.google.com
www.gstatic.com
3 storage.googleapis.com script.tolk.ai
3 script.tolk.ai assure.plansante.com
script.tolk.ai
3 www.google.com assure.plansante.com
www.gstatic.com
www.google.com
2 directline.botframework.com script.tolk.ai
2 fonts.googleapis.com client
1 ajax.googleapis.com storage.googleapis.com
1 bot-management-api.tolk.ai script.tolk.ai
1 assets.plansante.com assure.plansante.com
1 affdemat.mutuellebleue.fr 1 redirects
43 12

This site contains no links.

Subject Issuer Validity Valid
assure.plansante.com
QuoVadis Global SSL ICA G3		 2023-09-04 -
2024-09-04		 a year crt.sh
assets.plansante.com
QuoVadis Global SSL ICA G3		 2023-04-07 -
2024-04-07		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
script.tolk.ai
E1		 2023-10-25 -
2024-01-23		 3 months crt.sh
tcf.tolk.ai
R3		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
storage.googleapis.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
ssl.roles.botframework.com
DigiCert SHA2 Secure Server CA		 2023-10-12 -
2024-10-12		 a year crt.sh

This page contains 3 frames:

Primary Page: https://assure.plansante.com/assures/auth
Frame ID: 406083EFFD30CF6BBB2F219E5CC1B94C
Requests: 25 HTTP requests in this frame

Frame: https://script.tolk.ai/webchat-latest?no-cache=1699524517452
Frame ID: CFA4DDCCB67347689B541BCBAED3A3F1
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Frame ID: D0C64F9A1F2145B28CFC3603D900D7C7
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Connexion

Page URL History Show full URLs

  1. https://affdemat.mutuellebleue.fr/ HTTP 302
    https://assure.plansante.com/assures/auth Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

43
Requests

100 %
HTTPS

67 %
IPv6

7
Domains

12
Subdomains

12
IPs

5
Countries

1208 kB
Transfer

3089 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://affdemat.mutuellebleue.fr/ HTTP 302
    https://assure.plansante.com/assures/auth Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request auth
assure.plansante.com/assures/
Redirect Chain
  • https://affdemat.mutuellebleue.fr/
  • https://assure.plansante.com/assures/auth
13 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
3fbb610ae1fd424737c36f1542a0a330ce29b256c9e9426b8ce94e025990782f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
3194
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Type
text/html; charset=UTF-8
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Thu, 09 Nov 2023 10:08:36 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
P3P
CP="{}"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Reporting-Endpoints
csp-endpoint="https://assure.plansante.com/csp_report"
Server
Apache
Strict-Transport-Security
max-age=15768000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; object-src 'none'; base-uri 'none'; connect-src 'self'; font-src 'self'; form-action *; img-src 'self' data: https://assets.plansante.com; script-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'none'; report-uri /csp_report
Content-Type
text/html; charset=UTF-8
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Thu, 09 Nov 2023 10:08:34 GMT
Expect-CT
max-age=86400, enforce, report-uri=/csp_report
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
https://assure.plansante.com/assures/auth
Pragma
no-cache
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=15768000 max-age=15768000; includeSubDomains
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
SAMEORIGIN deny
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
77eca374bfed30fff6bc8d73ba2dbd4d4ebf1a29138811dc05a96844bab3f5a3.css
assure.plansante.com/css/ 		129 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/css/77eca374bfed30fff6bc8d73ba2dbd4d4ebf1a29138811dc05a96844bab3f5a3.css?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
327157d70af133777503cbfe25345219b54f0b3004f1006de159ac0afb409d30
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
21772
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:26 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"204b8-609b4da99aea0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
logo-plansante.png
assets.plansante.com/images/assures/logos_env/logos_blanc/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.plansante.com/images/assures/logos_env/logos_blanc/logo-plansante.png
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
90.85.55.198 Bussy-Saint-Georges, France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
353e1b67f1e1d1a7cafdd822fe1fd63f3107eb597860fc3129561167dae718f7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:06:56 GMT
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
3428
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 01 Sep 2017 13:20:28 GMT
Server
Apache
ETag
"d64-558209fe0d15c"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
PUT, GET, POST, DELETE, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, proxy-revalidate, private, max-age=300, s-maxage=300
Accept-Ranges
bytes
Access-Control-Allow-Headers
origin, x-requested-with, content-type
Keep-Alive
timeout=5, max=100
feature-detection.min.js
assure.plansante.com/js/main/ 		942 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/main/feature-detection.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
3bcc482c4555b3232400c1a8e8ceffc67c84cde8c2c79709459c5ea29e0285f3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
307
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:04 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"3ae-609b4d947caa0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
system.min.js
assure.plansante.com/js/vendor/ 		10 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/system.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
1b643ca238b021c4703dbf16b184b4e29bfc6b4391cd9cd5c2e1bb020071cbc9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
3566
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:12 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"260d-609b4d9c353a0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
jquery.min.js
assure.plansante.com/js/vendor/ 		89 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/jquery.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
fe51d9f2289050f2dfd75a5ed03a5d12e78cb1606ce513c0d9ad3d2dd685efb1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
31281
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:09 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"1623d-609b4d99a4000-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
bootstrap.min.js
assure.plansante.com/js/vendor/ 		58 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/bootstrap.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
354146db13359a6eb9c6bbb5c0411e24c3b392b35b06e2e4c16e891f1e5b42d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
15436
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:07 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"e696-609b4d97b7d00-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
helpers.min.js
assure.plansante.com/js/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/helpers.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
9be3b06a05dfdeed30ab1d2cff357375dca02867dc26795e33e46adeca4d9d82
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
2232
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:04 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"151c-609b4d945b760-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
polyfills.min.js
assure.plansante.com/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/polyfills.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
bcebcad2580907cf201fe6dd3c1ae4b210e1ff26cef07760d62d859714b70693
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
4787
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:05 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"445b-609b4d95fd6e0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
bootstrap-datepicker.min.js
assure.plansante.com/js/vendor/ 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/bootstrap-datepicker.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
e791dda34f4502e5257c3f1d051c8ff440af91a11645a070b0a0e0c6c7d341bc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
10044
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:06 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"861f-609b4d96aa480-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
bootstrap-datepicker.fr.min.js
assure.plansante.com/js/vendor/ 		519 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/bootstrap-datepicker.fr.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
6526b5a850eff3a98a0940b5e517f7e4c0ccaf5fecb60781386b87a95ea6cc56
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
290
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:06 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"207-609b4d963edc0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Content-Language
fr
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
jquery.form.min.js
assure.plansante.com/js/vendor/ 		15 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/jquery.form.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
d21856339e599938a40a2836d6b42b46e2c48a5060c93d20884e757a1684c9b0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
5858
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:08 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"3c3d-609b4d9872560-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
plupload.full.min.js
assure.plansante.com/js/vendor/ 		136 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/plupload.full.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
cee8d579e4e1c12797791dcf920fba198af03a189b07d9f5298add8aebf6e882
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
41025
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:11 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"220a9-609b4d9b5c6e0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
axios.min.js
assure.plansante.com/js/vendor/ 		13 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/vendor/axios.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
3980234d14be5938db9da8696a7f146b7cf738a3567cccfe226abb81796063a1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
4646
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:06 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"35d5-609b4d963edc0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
healthcareNetworksKalixia.min.js
assure.plansante.com/js/main/ 		759 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/main/healthcareNetworksKalixia.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
31b67c9796774932b8c5966e58c8194deffeae9e5cd897111acfc2fae6c38951
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
417
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:04 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"2f7-609b4d947f980-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
auth.min.js
assure.plansante.com/js/ 		1010 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/auth.min.js?1699522230
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
87ef89eb483d62c1b887f0600deeafc3bf5a837e91f59e3044b4fb7f50e369c1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
431
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:04 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"3f2-609b4d9423cc0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
recaptchaV3.min.js
assure.plansante.com/js/main/ 		125 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/main/recaptchaV3.min.js
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
3d0cc7e32ffeee328ee15d4b19e4425b158b3b340f07e7a872b86aff1dc0d580
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/assures/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
128
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:04 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"7d-609b4d94b35a0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6f9b8131d433011af25abaa14fb8261ee14cc3cea3dd0368fc6d522adc8f1521
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:08:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 09 Nov 2023 10:08:37 GMT
fa-solid-900.woff2
assure.plansante.com/fonts/ 		74 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/fonts/fa-solid-900.woff2
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/css/77eca374bfed30fff6bc8d73ba2dbd4d4ebf1a29138811dc05a96844bab3f5a3.css?1699522230
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
8d86fae5265d97fb99e40108128776ef137a0f05e4147895820add73c26c05b1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assure.plansante.com/css/77eca374bfed30fff6bc8d73ba2dbd4d4ebf1a29138811dc05a96844bab3f5a3.css?1699522230
Origin
https://assure.plansante.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
75356
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:28:39 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"1265c-609b4d4334120"
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
recaptcha__fr.js
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ 		471 KB
188 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__fr.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
caed1a1efc15b47bd8de1788a8edd68557440b9c8afb5f8c54767db8f0d152d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://assure.plansante.com/
Origin
https://assure.plansante.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 17:21:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233203
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
192384
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 03:03:27 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Nov 2024 17:21:54 GMT
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2437ddf45aa84303d14cc4569941c1ae58e8accca92216349c1332794015c6f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/gif
checkUnreadMessagesCount.1699522212492.min.js
assure.plansante.com/js/modules/shared/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/modules/shared/checkUnreadMessagesCount.1699522212492.min.js
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/js/vendor/system.min.js?1699522230
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
c49b31f3a30b86d710a8335440bf29164eaa82a1d6bf98ac8bfdfb10e5ebf096
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assure.plansante.com/assures/auth
Origin
https://assure.plansante.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
1124
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:12 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"8e7-609b4d9c38280-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
iframe-latest.js
script.tolk.ai/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.tolk.ai/iframe-latest.js
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/assures/auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83c98343de77198f5848d4c93094e79721c2464dc227c025ee59310a8925b043
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:08:37 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6969
etag
W/"c92097eceada14e542383741190a22b3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9B1R22%2BHZChwdqdV0ghYm62rYByQjIYD1DoQsunROaQ98lYmgVTDaz2y1lUr3ur0hNEEgXLZ%2B9SqIz%2Fsi91VIdfM5ofpzciSgm%2FUJoBwIyNKol1pwQ749FDPOpDIhr%2BpjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
cf-ray
82354169e88e0485-CDG
updateUnreadMessagesCount.1699522212492.min.js
assure.plansante.com/js/modules/pages/messages/ 		682 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assure.plansante.com/js/modules/pages/messages/updateUnreadMessagesCount.1699522212492.min.js
Requested by
Host: assure.plansante.com
URL: https://assure.plansante.com/js/vendor/system.min.js?1699522230
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:c911:140::b , France, ASN3215 (France Telecom - Orange, FR),
Reverse DNS
Software
Apache /
Resource Hash
652973d0f17929583b385b9634801549ab63f8c3afdb3b832c988b3020591dd2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assure.plansante.com/assures/auth
Origin
https://assure.plansante.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Thu, 09 Nov 2023 10:08:37 GMT
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
unsafe-none
P3P
CP="{}"
Cross-Origin-Resource-Policy
same-origin
Connection
Keep-Alive
Content-Length
437
X-XSS-Protection
1; mode=block
Reporting-Endpoints
csp-endpoint="(null)://(null)/csp_report"
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 09 Nov 2023 09:30:12 GMT
Server
Apache
Cross-Origin-Opener-Policy
same-origin
ETag
"2aa-609b4d9c38280-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
webchat-latest
script.tolk.ai/ Frame CFA4 		575 B
707 B 		Document
General
Check archive.org
Download Go to
Full URL
https://script.tolk.ai/webchat-latest?no-cache=1699524517452
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/iframe-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1712f81da3515e699713e5cbc3f7a9f0d6f5c8f5009650f8fcf47a0a0b1118f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://assure.plansante.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8235416a390f0485-CDG
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 09 Nov 2023 10:08:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNhv0YDLqB6jnneUWcJbNrmD6UxOtfLE6eSgIq7Rvbpr6PG%2FlkmpnQPeC3l5KbzX6F2eTz4ocyPYjf41zo2VMaSt9bQ8fe4A9X7oeqF37%2FzBAOEu6UJIok0jEnUjflV973zpqDO38sPHsGav1g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
anchor
www.google.com/recaptcha/api2/ Frame D0C6 		58 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__fr.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
35853da8903ccadec375251e50d45975dbd7b02e26b6adb646bf50ba904c0ff6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-O6nKpRQScDGk11wEuZWzMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assure.plansante.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-O6nKpRQScDGk11wEuZWzMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 09 Nov 2023 10:08:37 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
webchat-latest.js
script.tolk.ai/ Frame CFA4 		1 MB
347 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.tolk.ai/webchat-latest.js
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/webchat-latest?no-cache=1699524517452
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
927eeea95e99981f06976b9703c8cd3b21942ed7f9a4cee41bc059748049d58b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/webchat-latest?no-cache=1699524517452
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:08:37 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6816
etag
W/"dfa853e098f8625f69e4654be5db9470"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwYFUw%2FTfPRWn20ASHJMkqcWhk9feTdcs2WumF4%2FkILWPpveRL8nC5IP2D49mu7KmirCcnQD%2BqElnDzuB4hCtGr7WFye%2Fp9FrnCChVwotIXedvgGcqUDOcLMngs5Bt1sPpVwBxpqAEouvHvYkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
cf-ray
8235416b5aff0485-CDG
styles__ltr.css
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ Frame D0C6 		55 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 09:34:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2021
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 03:03:27 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 08 Nov 2024 09:34:56 GMT
recaptcha__fr.js
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ Frame D0C6 		471 KB
188 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__fr.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
caed1a1efc15b47bd8de1788a8edd68557440b9c8afb5f8c54767db8f0d152d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 17:21:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233203
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
192384
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 03:03:27 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Nov 2024 17:21:54 GMT
QUMRcDA6UDxR
bot-management-api.tolk.ai/v1/webchats/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bot-management-api.tolk.ai/v1/webchats/QUMRcDA6UDxR?currentUrl=https%3A%2F%2Fassure.plansante.com%2Fassures%2Fauth&targetLanguage=en-US
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/iframe-latest.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.195.172.110 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
110.172.195.35.bc.googleusercontent.com
Software
/
Resource Hash
89431a58f2b82a10546424cd794ff9bc79dd66167914a38adcaf48bbd3e65aff
Security Headers
Name Value
Content-Security-Policy default-src *.tolk.ai 'self' font-src fonts.gstatic.com fonts.googleapis.com 'unsafe-inline';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://assure.plansante.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:08:38 GMT
content-security-policy
default-src *.tolk.ai 'self' font-src fonts.gstatic.com fonts.googleapis.com 'unsafe-inline';
x-content-type-options
nosniff
referrer-policy
same-origin
strict-transport-security
max-age=15724800; includeSubDomains
etag
W/"425-KpEtm23P6pC0TuuiRVeo15bRCbQ"
expect-ct
max-age=86400, enforce
x-frame-options
deny
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-store
permissions-policy
geolocation=();midi=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();fullscreen=(self);payment=()
access-control-allow-headers
Authorization, Origin, X-Requested-With, Content-Type, Accept
content-length
1061
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame D0C6 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 15:15:26 GMT
x-content-type-options
nosniff
age
586392
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Thu, 09 Nov 2023 15:15:26 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D0C6 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 04 Nov 2023 02:58:03 GMT
x-content-type-options
nosniff
age
457835
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 03 Nov 2024 02:58:03 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D0C6 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 18:06:30 GMT
x-content-type-options
nosniff
age
576128
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 01 Nov 2024 18:06:30 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame D0C6 		102 B
135 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d202ca70c12b4c42e25d6679616fa619b7b6ee8590dd1c30e0740de272e67385
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSFt4mAAAAAHMBvgJDsOZsRSo9Ri65wboDHJiZ&co=aHR0cHM6Ly9hc3N1cmUucGxhbnNhbnRlLmNvbTo0NDM.&hl=fr&v=fGZmEzpfeSeqDJiApS_XZ4Y2&size=invisible&cb=jumk93kxo4f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:08:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 09 Nov 2023 10:08:38 GMT
css
fonts.googleapis.com/ Frame CFA4 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Rubik:400,500,700
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5527216bb7bb15e6692983953c40ca4b30d0db73870315d04b11ed4aa50b721a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 09 Nov 2023 10:08:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 09 Nov 2023 10:04:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 09 Nov 2023 10:08:38 GMT
CookiesConsent.js
storage.googleapis.com/tolkai/GFP/ Frame CFA4 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/tolkai/GFP/CookiesConsent.js?v=0.1?cache=1699524000000
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/webchat-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b2d049e6b5783841fc95b58dfb2867882936142d7a261ca83ca644cffe982e83

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:07:34 GMT
age
64
x-guploader-uploadid
ABPtcPr339xCod3ZNI4gnYIO3kv66TzKiGYaClsz_klr0sOdJdRR1V777TgZ0yck5zsYb-ywA_k
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2225
last-modified
Mon, 17 Oct 2022 15:37:05 GMT
server
UploadServer
etag
"cb303a99a189324edddf58b6ae802351"
x-goog-generation
1666021025893441
x-goog-hash
crc32c=PLPB0g==, md5=yzA6maGJMk7d31i2roAjUQ==
content-type
text/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
2225
accept-ranges
bytes
expires
Thu, 09 Nov 2023 11:07:34 GMT
GFP-CookiesBot.css
storage.googleapis.com/tolkai/GFP/ Frame CFA4 		165 B
632 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/tolkai/GFP/GFP-CookiesBot.css?v=0.1&cache=1699524000000
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/webchat-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
15cfaeb346d9b1cf63df4091c0eae887c1f0778cff77588aaf0cdd9d7abd587f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:07:34 GMT
age
64
x-guploader-uploadid
ABPtcPpT7gJgOFO0Ex6JH6atodzwguqKVYbtA-iAVlOH8fnJYnd7tjmuOQZ27T38JA76rjXA-KU
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165
last-modified
Mon, 27 Jun 2022 14:35:17 GMT
server
UploadServer
etag
"770e6c25c734581322c30f72b2431b17"
x-goog-generation
1656340517666294
x-goog-hash
crc32c=awalZA==, md5=dw5sJcc0WBMiww9yskMbFw==
content-type
text/css
cache-control
public, max-age=3600
x-goog-stored-content-length
165
accept-ranges
bytes
expires
Thu, 09 Nov 2023 11:07:34 GMT
conversations
directline.botframework.com/v3/directline/ Frame CFA4 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://directline.botframework.com/v3/directline/conversations
Requested by
Host: script.tolk.ai
URL: https://script.tolk.ai/webchat-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.105.232.11 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
31b2a017f2ad7a20522381fb7853bc3bc6904682ee3dabac098bebd4eb3b00f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://script.tolk.ai/
accept-language
fr-FR,fr;q=0.9
authorization
Bearer t4D45Zm5Rw4.MZL3R-mIFZ80CJfvoJe8IFxfrzXbcweiBUOcFA2Q49A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Nov 2023 10:08:37 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
437f4330324c85ed8ffdbbb56410580d
access-control-expose-headers
Retry-After
cache-control
no-cache
arr-disable-session-affinity
true
content-length
1806
x-xss-protection
1; mode=block
expires
-1
conversations
directline.botframework.com/v3/directline/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://directline.botframework.com/v3/directline/conversations
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.105.232.11 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
POST
Origin
https://script.tolk.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-headers
authorization
access-control-allow-origin
*
access-control-max-age
600
arr-disable-session-affinity
true
cache-control
no-cache
content-length
0
date
Thu, 09 Nov 2023 10:08:37 GMT
expires
-1
pragma
no-cache
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-xss-protection
1; mode=block
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.0/ Frame CFA4 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/tolkai/GFP/CookiesConsent.js?v=0.1?cache=1699524000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 23:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
557156
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30211
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 01 Nov 2024 23:22:42 GMT
css
fonts.googleapis.com/ Frame CFA4 		6 KB
722 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Rubik:400,500,700
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5527216bb7bb15e6692983953c40ca4b30d0db73870315d04b11ed4aa50b721a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 09 Nov 2023 10:08:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 09 Nov 2023 08:32:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 09 Nov 2023 10:08:38 GMT
icon-white.png
storage.googleapis.com/tolk_front_static_files/bots/ Frame CFA4 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://storage.googleapis.com/tolk_front_static_files/bots/icon-white.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e449b72fccb73fbcae744ef4ef09d87a593e4e809491b3f631b08d5478ede38a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://script.tolk.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 09:54:29 GMT
age
849
x-guploader-uploadid
ABPtcPpJ4bVopMOIMr9cdxJiq068xQsYMMTIdOHwonr4rN4vCvcgHn6XRMrJBORtOvmdpp2x6-A56txvmA
x-goog-storage-class
REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6437
last-modified
Thu, 21 Oct 2021 09:47:45 GMT
server
UploadServer
etag
"d5a6b3a7a866335d66188678b846c20e"
x-goog-generation
1634809665391514
x-goog-hash
crc32c=vsuRIw==, md5=1aazp6hmM11mGIZ4uEbCDg==
content-type
image/png
cache-control
public, max-age=3600
x-goog-stored-content-length
6437
accept-ranges
bytes
expires
Thu, 09 Nov 2023 10:54:29 GMT
iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v28/ Frame CFA4 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://script.tolk.ai
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 22:38:08 GMT
x-content-type-options
nosniff
age
473430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35448
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:14:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 22:38:08 GMT
iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v28/ Frame CFA4 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://script.tolk.ai
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 22:38:08 GMT
x-content-type-options
nosniff
age
473430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35448
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:14:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 22:38:08 GMT

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| documentPictureInPicture object| oElement undefined| oScript undefined| _oScript undefined| _oScript2 undefined| _oScript3 undefined| _oScript4 function| _typeof object| System function| $ function| jQuery object| bootstrap function| _classCallCheck function| _defineProperties function| _createClass function| _defineProperty function| Loader function| arraysIntersect function| cleanURL function| getQueryParameter function| getQueryString function| hasClass function| initialiseDatepicker function| openModal function| overrideSubmittedValues function| registerListenerOnCollection function| removeCollection function| setSelectOptions function| toggleDisplay function| triggerClick function| flexibility object| moxie object| plupload function| axios function| initialize function| getHooks function| getConstants function| preventFormSubmission function| recaptchaSubmitCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client string| display object| script string| tcfbot object| TcfWbchtParams object| form object| identifierElement object| submitButton boolean| formIsSent string| IFRAME_CONTAINER_ID string| tcfApiBaseUrl function| createStyleSheet function| createIframeForWidget object| iframe object| iframeWindow function| load string| TARGET_ORIGIN function| sendConfigToBot function| sendWindowDimensions function| getBrowserLanguage function| setStylesFromBotState object| SDKEventsNames object| botEvents function| addSDKEventListener function| listenBotSDK object| botSDK object| closure_lm_686475

5 Cookies

Domain/Path Name / Value
affdemat.mutuellebleue.fr/ Name: cookies-affdemat
Value: 226akmm6c0v0gge9u1cgfhb9co
affdemat.mutuellebleue.fr/ Name: BIGipServerPRDGFPWEBAS_443
Value: !lBjjoVsgPvLsNuqdjY3pK/pegpQmFDPsNKKqjtHmA6J8kFFgfBRrA99pR0OQ6I/S/mJFYe8Trpu5zA==
assure.plansante.com/ Name: session
Value: ksfnfq11i8a9jbb8566n4cfq1t
assure.plansante.com/ Name: BIGipServerPRDGFPWEBAS_443
Value: !Aoxc+uZGYAR0COCdjY3pK/pegpQmFKu6e+YKuQ4yzeNCRTFFm4Vs9m4SP5LS7suU42wOXTmAYxXluw==
assure.plansante.com/ Name: TSe61ffd0d027
Value: 08c4b02b8aab20003cafd35df7b15c03e99ab5f81d653f52ca7624bd7f2974ef1a42c9699f55064808b5a03b21113000a9ecd1fa5c8d126ad5abacba2fbcbb48a5d12cc16c76f50d6aea89611eb1edde367307e7e0ca859b4638218c1883cdfc

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'self' blob:; base-uri 'none'; connect-src 'self' https://bot-management-api.tolk.ai/ blob:; font-src 'self'; form-action *; img-src 'self' blob: data: https://assets.plansante.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline'; manifest-src 'self'; frame-ancestors 'self'; child-src https://script.tolk.ai/ https://www.google.com/ https://www.youtube.com/ blob:; frame-src 'self' blob: https://www.google.com/ https://script.tolk.ai/ https://www.youtube.com/; worker-src 'self' blob:; report-uri /csp_report; report-to csp-endpoint;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

affdemat.mutuellebleue.fr
ajax.googleapis.com
assets.plansante.com
assure.plansante.com
bot-management-api.tolk.ai
directline.botframework.com
fonts.googleapis.com
fonts.gstatic.com
script.tolk.ai
storage.googleapis.com
www.google.com
www.gstatic.com
194.206.243.245
20.105.232.11
2a00:1450:4001:80f::2004
2a00:1450:4001:81c::200a
2a00:1450:4001:827::200a
2a00:1450:4001:829::201b
2a00:1450:4001:82b::2003
2a00:1450:4001:831::2003
2a01:c911:140::b
2a06:98c1:3120::9
35.195.172.110
90.85.55.198
15cfaeb346d9b1cf63df4091c0eae887c1f0778cff77588aaf0cdd9d7abd587f
1b643ca238b021c4703dbf16b184b4e29bfc6b4391cd9cd5c2e1bb020071cbc9
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
31b2a017f2ad7a20522381fb7853bc3bc6904682ee3dabac098bebd4eb3b00f1
31b67c9796774932b8c5966e58c8194deffeae9e5cd897111acfc2fae6c38951
327157d70af133777503cbfe25345219b54f0b3004f1006de159ac0afb409d30
353e1b67f1e1d1a7cafdd822fe1fd63f3107eb597860fc3129561167dae718f7
354146db13359a6eb9c6bbb5c0411e24c3b392b35b06e2e4c16e891f1e5b42d3
35853da8903ccadec375251e50d45975dbd7b02e26b6adb646bf50ba904c0ff6
3980234d14be5938db9da8696a7f146b7cf738a3567cccfe226abb81796063a1
3bcc482c4555b3232400c1a8e8ceffc67c84cde8c2c79709459c5ea29e0285f3
3d0cc7e32ffeee328ee15d4b19e4425b158b3b340f07e7a872b86aff1dc0d580
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fbb610ae1fd424737c36f1542a0a330ce29b256c9e9426b8ce94e025990782f
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445
5527216bb7bb15e6692983953c40ca4b30d0db73870315d04b11ed4aa50b721a
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6526b5a850eff3a98a0940b5e517f7e4c0ccaf5fecb60781386b87a95ea6cc56
652973d0f17929583b385b9634801549ab63f8c3afdb3b832c988b3020591dd2
6f9b8131d433011af25abaa14fb8261ee14cc3cea3dd0368fc6d522adc8f1521
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
83c98343de77198f5848d4c93094e79721c2464dc227c025ee59310a8925b043
87ef89eb483d62c1b887f0600deeafc3bf5a837e91f59e3044b4fb7f50e369c1
89431a58f2b82a10546424cd794ff9bc79dd66167914a38adcaf48bbd3e65aff
8d86fae5265d97fb99e40108128776ef137a0f05e4147895820add73c26c05b1
927eeea95e99981f06976b9703c8cd3b21942ed7f9a4cee41bc059748049d58b
9be3b06a05dfdeed30ab1d2cff357375dca02867dc26795e33e46adeca4d9d82
b2d049e6b5783841fc95b58dfb2867882936142d7a261ca83ca644cffe982e83
bcebcad2580907cf201fe6dd3c1ae4b210e1ff26cef07760d62d859714b70693
c49b31f3a30b86d710a8335440bf29164eaa82a1d6bf98ac8bfdfb10e5ebf096
caed1a1efc15b47bd8de1788a8edd68557440b9c8afb5f8c54767db8f0d152d9
cee8d579e4e1c12797791dcf920fba198af03a189b07d9f5298add8aebf6e882
d202ca70c12b4c42e25d6679616fa619b7b6ee8590dd1c30e0740de272e67385
d21856339e599938a40a2836d6b42b46e2c48a5060c93d20884e757a1684c9b0
d2437ddf45aa84303d14cc4569941c1ae58e8accca92216349c1332794015c6f
e449b72fccb73fbcae744ef4ef09d87a593e4e809491b3f631b08d5478ede38a
e791dda34f4502e5257c3f1d051c8ff440af91a11645a070b0a0e0c6c7d341bc
f1712f81da3515e699713e5cbc3f7a9f0d6f5c8f5009650f8fcf47a0a0b1118f
fe51d9f2289050f2dfd75a5ed03a5d12e78cb1606ce513c0d9ad3d2dd685efb1