Submitted URL: http://www.bahn.de/mobile
Effective URL: https://www.bahn.de/service/mobile
Submission Tags: falconsandbox
Submission: On July 03 via api from US — Scanned from DE

Summary

This website contacted 12 IPs in 2 countries across 5 domains to perform 44 HTTP transactions. The main IP is 23.215.21.47, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.bahn.de. The Cisco Umbrella rank of the primary domain is 30782.
TLS certificate: Issued by DigiCert Global CA G2 on March 1st 2023. Valid for: a year.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 18 23.215.21.47 16625 (AKAMAI-AS)
8 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2a02:26f0:340... 20940 (AKAMAI-ASN1)
7 2600:9000:20e... 16509 (AMAZON-02)
1 23.37.32.235 16625 (AKAMAI-AS)
1 23.215.21.78 16625 (AKAMAI-AS)
2 81.200.197.91 34156 (BAHN-AS-BLN)
3 104.102.35.199 16625 (AKAMAI-AS)
2 2600:9000:211... 16509 (AMAZON-02)
2 52.205.98.13 14618 (AMAZON-AES)
1 54.210.37.103 14618 (AMAZON-AES)
44 12
Apex Domain
Subdomains
Transfer
20 bahn.de
www.bahn.de — Cisco Umbrella Rank: 30782
ps.bahn.de — Cisco Umbrella Rank: 136787
310 KB
15 static-bahn.de
assets.static-bahn.de — Cisco Umbrella Rank: 118686
cms.static-bahn.de — Cisco Umbrella Rank: 115532
406 KB
6 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 679
cdn3.optimizely.com — Cisco Umbrella Rank: 5114
a791773171.cdn.optimizely.com — Cisco Umbrella Rank: 122502
errors.client.optimizely.com — Cisco Umbrella Rank: 8854
logx.optimizely.com — Cisco Umbrella Rank: 1371
148 KB
3 img-bahn.de
www.img-bahn.de — Cisco Umbrella Rank: 43164
44 KB
2 m-pathy.com
cdn.m-pathy.com — Cisco Umbrella Rank: 122591
22 KB
44 5
Domain Requested by
18 www.bahn.de 2 redirects www.bahn.de
cms.static-bahn.de
8 assets.static-bahn.de www.bahn.de
7 cms.static-bahn.de www.bahn.de
cms.static-bahn.de
3 www.img-bahn.de ps.bahn.de
2 errors.client.optimizely.com cdn.optimizely.com
2 cdn.m-pathy.com cms.static-bahn.de
cdn.m-pathy.com
2 ps.bahn.de www.bahn.de
www.img-bahn.de
1 logx.optimizely.com cdn.optimizely.com
1 a791773171.cdn.optimizely.com cdn.optimizely.com
1 cdn3.optimizely.com cdn.optimizely.com
1 cdn.optimizely.com www.bahn.de
44 11
Subject Issuer Validity Valid
www.bahn.de
DigiCert Global CA G2
2023-03-01 -
2024-03-31
a year crt.sh
subsites.bahn.de
R3
2023-06-06 -
2023-09-04
3 months crt.sh
cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-30 -
2023-10-30
a year crt.sh
cms.static-bahn.de
Amazon RSA 2048 M01
2023-02-22 -
2023-11-21
9 months crt.sh
*.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-30 -
2023-10-30
a year crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018
2023-02-26 -
2024-02-28
a year crt.sh
ps.bahn.de
R3
2023-06-02 -
2023-08-31
3 months crt.sh
www.img-bahn.de
GeoTrust TLS RSA CA G1
2023-03-01 -
2024-03-31
a year crt.sh
m-pathy.com
Amazon RSA 2048 M02
2023-02-13 -
2024-03-13
a year crt.sh
errors.client.optimizely.com
Amazon RSA 2048 M01
2023-06-04 -
2024-07-02
a year crt.sh
logx.optimizely.com
Amazon RSA 2048 M01
2023-06-24 -
2024-07-22
a year crt.sh

This page contains 4 frames:

Primary Page: https://www.bahn.de/service/mobile
Frame ID: B9D57092B5C757AE4DC7B78203FDFDDF
Requests: 47 HTTP requests in this frame

Frame: https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Frame ID: 8E535E67AD85A7B17BAE7F51B622F041
Requests: 1 HTTP requests in this frame

Frame: https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Frame ID: 6362F1953048FE9010B8E44C04DCD08C
Requests: 1 HTTP requests in this frame

Frame: https://ps.bahn.de/common/content/html/lmiframe.html
Frame ID: 496CA919048B48867264B25D1387D271
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Die Apps der Deutschen Bahn im Ãœberblick

Page URL History Show full URLs

  1. http://www.bahn.de/mobile HTTP 301
    https://www.bahn.de/mobile HTTP 301
    https://www.bahn.de/service/mobile Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

44
Requests

100 %
HTTPS

36 %
IPv6

5
Domains

11
Subdomains

12
IPs

2
Countries

1055 kB
Transfer

2427 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bahn.de/mobile HTTP 301
    https://www.bahn.de/mobile HTTP 301
    https://www.bahn.de/service/mobile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request mobile
www.bahn.de/service/
Redirect Chain
  • http://www.bahn.de/mobile
  • https://www.bahn.de/mobile
  • https://www.bahn.de/service/mobile
32 KB
9 KB
Document
General
Full URL
https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
29034c4d2d216aca373da904048b86dca19efa66eba98acf689029355407cceb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=9
content-encoding
gzip
content-length
6608
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-type
text/html;charset=UTF-8
date
Mon, 03 Jul 2023 16:04:47 GMT
expires
Mon, 03 Jul 2023 16:04:56 GMT
last-modified
Mon, 03 Jul 2023 15:37:53 GMT
server-timing
intid;desc=780e71001726ca8f
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=0
content-length
0
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
date
Mon, 03 Jul 2023 16:04:47 GMT
expires
Mon, 03 Jul 2023 16:04:47 GMT
location
https://www.bahn.de/service/mobile
server
AkamaiGHost
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
main.92512eba467d66637f03.css
www.bahn.de/.resources/bahn-common-light/webresources/css/
238 KB
143 KB
Stylesheet
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/main.92512eba467d66637f03.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
244e671ce9c1ad965f1a9f60322cd4dc55dc7ef6f50e29f19ddee8be35b8dca7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:53 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
public, max-age=31158412
server-timing
intid;desc=519851b11fc99b7d
content-length
143834
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:11:39 GMT
content-teaser.94b04fb0d5ce86713898.css
www.bahn.de/.resources/bahn-common-light/webresources/css/
4 KB
3 KB
Stylesheet
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/content-teaser.94b04fb0d5ce86713898.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6fbe7bb33882c33a34c825016963f3866be1b698c5e664edd8aa794a7336f23f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Fri, 16 Jun 2023 07:49:25 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
public, max-age=30381220
server-timing
intid;desc=887cd2091987a6d5
content-length
1002
x-xss-protection
1; mode=block
expires
Wed, 19 Jun 2024 07:18:27 GMT
teaser-block.fe7d329b9b466c04bbb6.css
www.bahn.de/.resources/bahn-common-light/webresources/css/
2 KB
3 KB
Stylesheet
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/teaser-block.fe7d329b9b466c04bbb6.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
14ac55335191dc13490caac44ad962d9abdea9f444652919b8f2b5217fe0e729
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Fri, 16 Jun 2023 07:49:25 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
public, max-age=30381372
server-timing
intid;desc=d3575aeb711fdc95
content-length
760
x-xss-protection
1; mode=block
expires
Wed, 19 Jun 2024 07:20:59 GMT
db-logo.svg
assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/
828 B
2 KB
Image
General
Full URL
https://assets.static-bahn.de/dam/jcr:47b6ca20-95d9-4102-bc5a-6ebb5634f009/db-logo.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.secure.force.com; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.secure.force.com; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de;
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
content-encoding
gzip
content-disposition
attachment; filename="db-logo.svg"
server-timing
intid;desc=e30526b8a8549c39
content-length
480
x-xss-protection
1; mode=block
last-modified
Wed, 23 Mar 2022 14:18:43 GMT
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml;charset=UTF-8
access-control-allow-origin
https://www.bahn.de
cache-control
public, max-age=2592000
expires
Wed, 02 Aug 2023 16:04:47 GMT
breadcrumb.87386c800c3d2f061a16.css
www.bahn.de/.resources/bahn-common-light/webresources/css/
1 KB
3 KB
Stylesheet
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/css/breadcrumb.87386c800c3d2f061a16.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
97a4b50cf23c6f16bbef4d0fa7778d92415a2b347655d7e258ed50553f40e943
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Fri, 16 Jun 2023 07:49:25 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
public, max-age=30381355
server-timing
intid;desc=b9890960302eed33
content-length
538
x-xss-protection
1; mode=block
expires
Wed, 19 Jun 2024 07:20:42 GMT
240484-319604.jpg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:0201889f-36ad-49c5-991f-85ead27cc70a/
2 KB
4 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:0201889f-36ad-49c5-991f-85ead27cc70a/240484-319604.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
64778b5c26d18b33b49ca999605b57c02233d5628140873ac59b2386dcd43acc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Mon, 15 May 2023 09:45:30 GMT
server
Akamai Image Manager
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=499144
content-length
1916
expires
Sun, 09 Jul 2023 10:43:51 GMT
STA%20App%20Icon_4zu2.png
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:bd2fb658-bb54-49be-9639-fb0d3e41e830/
7 KB
9 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:bd2fb658-bb54-49be-9639-fb0d3e41e830/STA%20App%20Icon_4zu2.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
3928fe55939ab616f94a33ded85b669ab26ea671e53a61196ac63b433fd03c32
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Mon, 15 May 2023 09:51:46 GMT
server
Akamai Image Manager
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=601690
content-length
6946
expires
Mon, 10 Jul 2023 15:12:57 GMT
bahnbonus_app_logo_2000x1000.jpg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f2841b35-015b-4caa-8211-98c9a27ff412/
2 KB
4 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f2841b35-015b-4caa-8211-98c9a27ff412/bahnbonus_app_logo_2000x1000.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
0b090ef3de9395be55c51cd1df36f6aba2066bf467beea1e8639eb768fd41455
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Mon, 17 Apr 2023 19:03:51 GMT
server
Akamai Image Manager
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=521696
content-length
2145
expires
Sun, 09 Jul 2023 16:59:43 GMT
192650-260726.jpg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:4727cd8c-d125-45a6-8ea2-8dfb671df95c/
3 KB
5 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:4727cd8c-d125-45a6-8ea2-8dfb671df95c/192650-260726.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
de9ba47b71405c9fcec50bb71998201cc225c90f796a40e8f67b92c1fe5345eb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Tue, 18 Apr 2023 09:51:12 GMT
server
Akamai Image Manager
x-serial
1217
x-check-cacheable
YES
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=397770
content-length
3568
expires
Sat, 08 Jul 2023 06:34:17 GMT
192651-260727.jpg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:1696a432-32ff-4ecf-b07e-af47b6f1cc28/
4 KB
6 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:1696a432-32ff-4ecf-b07e-af47b6f1cc28/192651-260727.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
c9418c11a5cd3ac8df91d3c123c60055febb79ed49a63f4f5dd39f7ae8febe8e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Mon, 15 May 2023 09:57:36 GMT
server
Akamai Image Manager
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=604432
content-length
4400
expires
Mon, 10 Jul 2023 15:58:39 GMT
168905-225747.jpg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:c7b91e74-eac3-4fec-b8dd-bce2eea77642/
3 KB
4 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:c7b91e74-eac3-4fec-b8dd-bce2eea77642/168905-225747.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
e3989b129418112cfd9594b255d8ec6f7faa9eb0ab09607e1d1e62cd3fd01b8f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Mon, 15 May 2023 09:57:47 GMT
server
Akamai Image Manager
x-frame-options
sameorigin
content-type
image/avif
access-control-allow-origin
https://www.bahn.de
cache-control
private, no-transform, max-age=589674
content-length
2578
expires
Mon, 10 Jul 2023 11:52:41 GMT
Zugportal.de%20Vektorgrafik1.svg
assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f0e18a29-2167-4cc6-9e2a-1472b795efcb/
4 KB
4 KB
Image
General
Full URL
https://assets.static-bahn.de/.imaging/focalpoint/560x280/dam/jcr:f0e18a29-2167-4cc6-9e2a-1472b795efcb/Zugportal.de%20Vektorgrafik1.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6283 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
947d50a6d49299e7815a7e61efa3d8c76255ee0f809e97174a8789431d4b26ce
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Sat, 01 Jul 2023 06:03:58 GMT
content-encoding
gzip
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml;charset=UTF-8
access-control-allow-origin
https://www.bahn.de
cache-control
public, max-age=2592000
server-timing
intid;desc=538fe5f3201deeed
content-length
1928
x-xss-protection
1; mode=block
expires
Wed, 02 Aug 2023 16:04:47 GMT
scripts.6379d19a505145496ecf.js
www.bahn.de/.resources/bahn-common-light/webresources/js/
269 KB
77 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e329e312297f4c9674b3bdc6ca871a6fcc0a55a18574ab16a7a75a94725e14f8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:41 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31158432
server-timing
intid;desc=5fe83c861d33c979
content-length
76665
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:11:59 GMT
fSuggest_v1512-cms.min.js
www.bahn.de/.resources/bahn-common-light/webresources/assets/js/
25 KB
8 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/js/fSuggest_v1512-cms.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d94894332082135766996807fe098b2f2a37b74f2f09bbc218578d9ff9981a53
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Tue, 02 May 2023 11:53:25 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=26898350
server-timing
intid;desc=716ae68b0fa56c71
content-length
5903
x-xss-protection
1; mode=block
expires
Thu, 09 May 2024 23:50:37 GMT
fSuggest_toptreffer.min.js
www.bahn.de/.resources/bahn-common-light/webresources/assets/js/
39 KB
9 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/assets/js/fSuggest_toptreffer.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4c9951d2e91bf613d354f4d2f20d69df0ae3bcfffcef1b5abded73f584a10730
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Thu, 13 Apr 2023 14:16:52 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=26980935
server-timing
intid;desc=d488d9441bdfa46d
content-length
7674
x-xss-protection
1; mode=block
expires
Fri, 10 May 2024 22:47:02 GMT
8033263973.js
cdn.optimizely.com/js/
518 KB
145 KB
Script
General
Full URL
https://cdn.optimizely.com/js/8033263973.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3400:196::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0894489837c1ef9233a5819908e6f81f0feccf94bec3f1610498c244e593b447
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
9JAqsuGLNkF9AsoqipYESgf2d.QowDXQ
content-encoding
gzip
date
Mon, 03 Jul 2023 16:04:47 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
GC7787PXB007QSB8
x-amz-server-side-encryption
AES256
x-amz-meta-revision
24084
x-amz-replication-status
PENDING
server-timing
cdn-cache; desc=HIT, edge; dur=14, origin; dur=0, cdn;desc="AkamaiION";dur=0,rtt;desc="10";dur=0,cdnip;desc="2a02:26f0:3400:196::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="469000_386095150_148344846_1457_2624_9_0_-";dur=1
content-length
147486
x-amz-id-2
0twlJI6oTKnZgzat9OlYsVuXiHaqoaWyPmAfoJIZ+onhdZZZ/VaJNqoajiDjiu3499ejdr9sWp0=
last-modified
Mon, 03 Jul 2023 06:55:22 GMT
server
AmazonS3
etag
"e57fe896996b57d1d01faa713df07e74"
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=1200
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
truncated
/
336 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbd5a134190030a84e4648653bace9063f9de7c02c7d0a87d93bc37bfa087018

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
428 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8e2e1a340e5f7ec9d39d04a6192fa216bf444f848e45753e3b7f9ee44f2ce59

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
326 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7f8b2a14ddf993f121707740b9861710887208ee9dfba03b97b3245bc6084537

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
35 KB
35 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6565f827b8c4678937e4e26f98779af77304e1d87f3e81ebbafcc51b34cf7f9c

Request headers

Referer
Origin
https://www.bahn.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/
45 KB
45 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e04ee1aeda1980025084d1393df4f306c133bea1e4efb09747cbd73ec9af537

Request headers

Referer
Origin
https://www.bahn.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
truncated
/
47 KB
47 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac850d458b1443353c2e4acf1dfbcc8ef559a4c3a54477156f89dba9d8ff5f09

Request headers

Referer
Origin
https://www.bahn.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
application/x-font-woff2;charset=utf-8
utag.js
cms.static-bahn.de/tms/bahn-cms-main/
221 KB
60 KB
Script
General
Full URL
https://cms.static-bahn.de/tms/bahn-cms-main/utag.js?v=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
415f10db2fd9776bcaf0a169d9455d69a614b7b7e941e418ad5e556e0cd24f8f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:51 GMT
x-amz-version-id
IEgVFYFDSk.reUgjyEftxCAe3I_HWiUz
content-encoding
gzip
last-modified
Mon, 03 Jul 2023 10:16:37 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"b6dfcc041156bd77c9746141e7fdd223"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20877
x-amz-cf-id
mvsn1UHXZEVo7pUxHR8NdUAvtEGKtZc05sYgwPfFs1dfXTmyzIWUfw==
truncated
/
336 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7184e7d993c950e2d1c3812b40d1a1f534d7a6c43994ec6922055975fdfddb18

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
336 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9bb64f773a49b48e32baf65f4717018bcff7cc567de18b7595ffe7e6b10f2aa4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
208 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
geo4.js
cdn3.optimizely.com/js/
306 B
788 B
Script
General
Full URL
https://cdn3.optimizely.com/js/geo4.js
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.37.32.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-32-235.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
032db0afc485fd2abe2235d1dc81e5395af57fc8ef0981d11013c4c72e7ba122

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
F8W1XaLRNmnJXrMgZ6ZMuxtE6L376GC.
Date
Mon, 03 Jul 2023 16:04:47 GMT
Server
AmazonS3
x-amz-request-id
DVJHTHDR9P3YFV07
x-amz-server-side-encryption
AES256
ETag
"8777c006589ecabfa3d63a6b5bf24393"
Content-Type
application/javascript
Cache-Control
max-age=55999
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
306
x-amz-id-2
lFDaugG6s6YidIuugm+hsMZOkgtLz0yIE6dxWwdwOZC2UPhoA6xND7ORws/YAPvDBf+NR2xlKKM=
a791773171.html
a791773171.cdn.optimizely.com/client_storage/ Frame 8E53
1 KB
1 KB
Document
General
Full URL
https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.21.78 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-78.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1d9d7e07fadb6f47cb23ee8ccd1adad542c247154411a9f949e4432e14549bfc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.bahn.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=120
content-encoding
gzip
content-length
764
content-type
text/html; charset=utf-8
date
Mon, 03 Jul 2023 16:04:47 GMT
etag
"ee6e8cfc73da1888ede723522c9bb1ae"
last-modified
Mon, 03 Jul 2023 06:55:03 GMT
server
AmazonS3
server-timing
cdn-cache; desc=HIT edge; dur=1 cdn;desc="AkamaiION";dur=0,rtt;desc="10";dur=0,cdnip;desc="23.215.21.78";dur=0,cdnmap;desc="a4343.a.akamaiedge.net";dur=0,proto;desc="h2";dur=0 ak_p; desc="469000_34664583_149069080_15_1188_10_0_-";dur=1
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,2
x-amz-id-2
K90z+i2fqgIJkKrDpIe1C9bgcM1ytWj10SJOjCBPJ5SLjgx69/gIdhWswN3SHdplcVzbRcPwmQ4=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
NAJF82N60YESFNBB
x-amz-server-side-encryption
AES256
x-amz-version-id
FGWNQ90Rfo2PWIApus8wK9uvsZoB5GA1
accordion.cdde61e5b38856da26f4.js
www.bahn.de/.resources/bahn-common-light/webresources/js/
4 KB
4 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/accordion.cdde61e5b38856da26f4.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
333b49166e17f50a8a01c1655a4a5624984efd27ab7e2a36fed9bac8f41229de
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:41 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31158465
server-timing
intid;desc=94cb6fcd13737375
content-length
1680
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:12:32 GMT
vendors~faq-search-with-filter~loginButton~vue-disruption-news~vue-navigation-mobile~vue-overlay~vue~5e170399.d888662809068231daa0.js
www.bahn.de/.resources/bahn-common-light/webresources/js/
80 KB
30 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/vendors~faq-search-with-filter~loginButton~vue-disruption-news~vue-navigation-mobile~vue-overlay~vue~5e170399.d888662809068231daa0.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
be6d5b3d5bdf1155f7586566ea98d9ffad1279b1fc01819a1c439a2dd1edcf1e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:41 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31158530
server-timing
intid;desc=7f9356a52c22a29f
content-length
28822
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:13:37 GMT
vue-popup.9b256aab89a48b6831ee.js
www.bahn.de/.resources/bahn-common-light/webresources/js/
5 KB
4 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/vue-popup.9b256aab89a48b6831ee.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1e79229c7df2e03d6794a4f988a4992e3324b1111a46156ef37cb96a95307e0c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:41 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31158466
server-timing
intid;desc=8b5468763dda2b91
content-length
1984
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:12:33 GMT
content-teaser-dropdown.886710cb492556995361.js
www.bahn.de/.resources/bahn-common-light/webresources/js/
3 KB
3 KB
Script
General
Full URL
https://www.bahn.de/.resources/bahn-common-light/webresources/js/content-teaser-dropdown.886710cb492556995361.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
38acdd87ab2fe42f1434b1af4bd86862954037d2a637cc01a91a0e814e92b4eb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
last-modified
Wed, 28 Jun 2023 13:58:41 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31158478
server-timing
intid;desc=439b77df78cc9d2b
content-length
1207
x-xss-protection
1; mode=block
expires
Fri, 28 Jun 2024 07:12:45 GMT
index.html
www.bahn.de/.resources/bahn-common/webresources/storage/ Frame 6362
2 KB
1 KB
Document
General
Full URL
https://www.bahn.de/.resources/bahn-common/webresources/storage/index.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
197be260b9d7d1e294764119d0d174c910b9bf0d15a18ffb9db1df2680b975f3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/service/mobile
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=300
content-encoding
gzip
content-length
762
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self' https:; img-src 'self' data:; object-src 'none';
content-type
text/html;charset=UTF-8
date
Mon, 03 Jul 2023 16:04:47 GMT
expires
Mon, 03 Jul 2023 16:09:47 GMT
last-modified
Thu, 22 Jun 2023 08:41:08 GMT
server-timing
intid;desc=8121ad007c60c065
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin SAMEORIGIN
x-xss-protection
1; mode=block
lmiframe.html
ps.bahn.de/common/content/html/ Frame 496C
2 KB
3 KB
Document
General
Full URL
https://ps.bahn.de/common/content/html/lmiframe.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
81.200.197.91 Frankfurt am Main, Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
/
Resource Hash
cc8fd7d0ac45eb34a7d792405c627c171b91815d673f51328e12c08d8bdef796
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
2267
Content-Type
text/html; charset=UTF-8
Date
Mon, 03 Jul 2023 16:04:47 GMT
Last-Modified
Thu, 29 Jun 2023 10:06:09 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
desktop
www.bahn.de/.rest/navigation/
10 KB
4 KB
XHR
General
Full URL
https://www.bahn.de/.rest/navigation/desktop?root=39e687d3-45b7-4cc7-b3dc-9a3cff2abf33&loc=LEGACY&language=de&productSite=true&linkPrefix=
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/.resources/bahn-common-light/webresources/js/scripts.6379d19a505145496ecf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d5f688e9f96e94cf0161a50d9e167926f9d9333918f198d7e605895e285c6f71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Jul 2023 16:04:47 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
x-frame-options
sameorigin, SAMEORIGIN
vary
Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
public, max-age=277
server-timing
intid;desc=a99a57051ccecce1, intid;desc=a99a57051ccecce1
content-length
1901
x-xss-protection
1; mode=block
expires
Mon, 03 Jul 2023 16:09:24 GMT
consent-layer-loader.js
cms.static-bahn.de/cms/consent-layer/js/
6 KB
3 KB
Script
General
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
baf4f927974c37dcdd31a3d3e54fc0fe8956cb2a84a68dd28a82224e05dcaacf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:52 GMT
x-amz-version-id
FYYNNUQXuiyTzsHSSqt73kan0ItFUzWD
content-encoding
gzip
last-modified
Thu, 29 Jun 2023 07:49:20 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"8e5e4299c4ebee5326386778307f7f89"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20876
x-amz-cf-id
vKa5Vt1thxTbCdYWoYFHjVphYzgybh0qGZyPD3Jc-QDNqd9a_K8JYQ==
utag.3.js
cms.static-bahn.de/tms/bahn-cms-main/
60 KB
21 KB
Script
General
Full URL
https://cms.static-bahn.de/tms/bahn-cms-main/utag.3.js?utv=ut4.48.202303291515
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/bahn-cms-main/utag.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0cd5353a1fe0dc6b7b81bf31776c6a3fac1d661b0b6dd6591bdf4c57f5b8935a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:52 GMT
x-amz-version-id
W36QyDarlz.KlJOTPKD2p_s4wlDT_a8O
content-encoding
gzip
last-modified
Mon, 03 Jul 2023 10:16:37 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"11bc2d9bfe3b6de16f8659cd359dae95"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20876
x-amz-cf-id
ysLPR9kJERz6YlQHjnmiNO5_fVGtTNGTNKgrs264Z1BRCQsaBKsDUw==
utag.12.js
cms.static-bahn.de/tms/bahn-cms-main/
2 KB
2 KB
Script
General
Full URL
https://cms.static-bahn.de/tms/bahn-cms-main/utag.12.js?utv=ut4.48.202302160750
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/bahn-cms-main/utag.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
14d13ea8269c189b142a3e7ff0be156e80436dd448d5f6da52b21ba227acbe1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:52 GMT
x-amz-version-id
TdbabaaRWIDZ64HwDZaHeDGlPBZSpK6J
content-encoding
gzip
last-modified
Mon, 03 Jul 2023 10:16:37 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"9f18c32cc44f6e97eba905d24757cf65"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20876
x-amz-cf-id
FrFP0FSA0XM5u4zalpyNdi6Sq_8NqK4vXvNwzVvTcswgOjr070t3nw==
consent-layer-standalone.300cc0362681cfdee901.js
cms.static-bahn.de/cms/consent-layer/js/
350 KB
261 KB
Script
General
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-standalone.300cc0362681cfdee901.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1cfbb679b97790b1f94ec2c95fdd2050069223e642f18e797503d6abf31ac87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:52 GMT
x-amz-version-id
Xd9.I5sEaDhl1DtpnDH_Fza6HHWVoHCM
content-encoding
gzip
last-modified
Thu, 29 Jun 2023 07:49:20 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"c466a6a8af259004dea26538181200ff"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20876
x-amz-cf-id
hyXCwpYaU5XKhCpEPgwD3iz5l9TbtPrgzUh3RzSohNBSUIiPwcvOhg==
consent-layer.949d177b359eb7bd81ce.js
cms.static-bahn.de/cms/consent-layer/js/
43 KB
13 KB
Script
General
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/consent-layer.949d177b359eb7bd81ce.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
838c2d6d6d22074072583451bddae228041ebb6a3133b7892ca25eb26afbc6dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:52 GMT
x-amz-version-id
ofiX3_KcqdvbRFYeZx.BGB9M7sCxk38w
content-encoding
gzip
last-modified
Thu, 29 Jun 2023 07:49:20 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"97dbb15aabbb408afd8171fc98657393"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20875
x-amz-cf-id
SDs6hhHU5iUTvho8C2ciTQyOt-bwu1R6VeNUhPXvG3aeKDp1jY9hnw==
es6-promise.js
www.img-bahn.de/s3/prod/es//js/ Frame 496C
32 KB
7 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/es6-promise.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.35.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-35-199.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ps.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Mon, 03 Jul 2023 16:04:47 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Jun 2023 06:11:35 GMT
Server
AmazonS3
x-amz-request-id
WZT8ZPZ8RJ66PWB3
ETag
"c833d9c873652af4a666772e9930b031"
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6686
x-amz-id-2
ri2xKCIxFeRUMp531GzzQ/PnbZSmUV7Vfy/1ueONKdyEvv95l0yFCfIzkWhOdBcm6UYprMqRVcE=
Expires
Mon, 03 Jul 2023 16:19:47 GMT
common.js
www.img-bahn.de/s3/prod/es//js/ Frame 496C
98 KB
15 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/common.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.35.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-35-199.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f23c52748752a96bd03ac7947b5af301adf32569925eb7508a73e4d7eefe503f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ps.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Mon, 03 Jul 2023 16:04:47 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Jun 2023 06:11:34 GMT
Server
AmazonS3
x-amz-request-id
AT036JCEF1Y80Q11
ETag
"3c1e99b965b4357bc07c1e3735b1bfe6"
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14900
x-amz-id-2
MmKh1EZwlTokSpBo5GL4d1eg1p3ifd6U/vS9TisyMflMVkqO9ejzl+qetVdVZfzxGVDhnFJ0oRY=
Expires
Mon, 03 Jul 2023 16:19:47 GMT
softlogin.js
www.img-bahn.de/s3/prod/es//js/ Frame 496C
120 KB
21 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.35.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-35-199.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2175c4afb1de7a1220ca79e885317c18895f9448663f6a2b1262f2a213e671d7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ps.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Mon, 03 Jul 2023 16:04:47 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Jun 2023 06:11:35 GMT
Server
AmazonS3
x-amz-request-id
YX6EBSFXFMPH8W9R
ETag
"ba3e69d0defa4b073af24b462151943b"
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21463
x-amz-id-2
0/DYJh5Pob8yxcpvH1x3OkdGYeDw0aOuBIqBZPtrS9rrca2CQ9tXme7MWg1iscsSC4xUrOrTunI=
Expires
Mon, 03 Jul 2023 16:19:47 GMT
id
www.bahn.de/st/
48 B
737 B
XHR
General
Full URL
https://www.bahn.de/st/id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=74183314294019761723930657922093165136&ts=1688400287922
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/bahn-cms-main/utag.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
jag /
Resource Hash
161fecb3ebe5bffbeea2c13f5b97dddf55f4af9647a27ee5771a3f8ff2e8e4a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/service/mobile
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 03 Jul 2023 16:04:47 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
server
jag
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy"
access-control-allow-origin
*
content-type
application/x-javascript;charset=utf-8
cache-control
private, no-cache, no-store, no-transform
content-length
48
x-xss-protection
1; mode=block
expires
Mon, 03 Jul 2023 16:04:47 GMT
a2987.js
cdn.m-pathy.com/js/
28 KB
7 KB
Script
General
Full URL
https://cdn.m-pathy.com/js/a2987.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/tms/bahn-cms-main/utag.12.js?utv=ut4.48.202302160750
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2113:1e00:18:46be:3a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5d38b3e8386d2c25b3ae5a272c59337c6163955397355890040a3bddf5cb127f

Request headers

Referer
https://www.bahn.de/
Origin
https://www.bahn.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 15:31:13 GMT
content-encoding
gzip
via
1.1 017f53dabba83d3e5e9416772ca309f6.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG3-C1
age
2015
x-cache
Hit from cloudfront
content-length
7158
last-modified
Fri, 30 Jun 2023 23:03:33 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"71b5-5ff60d372ff7a-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
bcRbxjbJdxlEKiZUf5Iep8IYVTrmxW33Gt0MBzQBQRaaNiCYvePYuQ==
expires
Mon, 03 Jul 2023 16:31:13 GMT
4.1848b8e532ed0143b46f.js
cms.static-bahn.de/cms/consent-layer/js/
35 KB
9 KB
Script
General
Full URL
https://cms.static-bahn.de/cms/consent-layer/js/4.1848b8e532ed0143b46f.js
Requested by
Host: cms.static-bahn.de
URL: https://cms.static-bahn.de/cms/consent-layer/js/consent-layer-loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e1:1800:c:198:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1c8eb1600c141e30f4aa2ad92096e25da525bf2bd29017cf0ace0f7d81e615b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 10:16:53 GMT
x-amz-version-id
ooUncCkpESVTfKUW1QBReNzOxje0MTmP
content-encoding
gzip
last-modified
Thu, 29 Jun 2023 07:49:20 GMT
server
AmazonS3
via
1.1 a06b3af7aeb84a80d60dd16b849e62e0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C2
etag
W/"bdb0d1cbbf2bdebf8d0bb36a4cff18c6"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
20875
x-amz-cf-id
FbyJN4ONdfSMw5sH7sIroOz3lKdHhQRbzmpwfL8JjS7kGqkRb-C_GQ==
Texte
ps.bahn.de/webservices/rest/resource/ Frame 496C
1 KB
2 KB
XHR
General
Full URL
https://ps.bahn.de/webservices/rest/resource/Texte?r=a05fb445
Requested by
Host: www.img-bahn.de
URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
81.200.197.91 Frankfurt am Main, Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
/
Resource Hash
60bd5eda808d876a78ad16448c09a4b81b79bc9420ba357e0619eedc4bf11160
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Mon, 03 Jul 2023 16:04:48 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-ORACLE-DMS-ECID
5ea698c3-0bfe-4ab3-9a29-baff49b03b95-003a3ebd
Content-Type
application/json
X-ORACLE-DMS-RID
0
Connection
keep-alive
Content-Length
1377
truncated
/
208 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
516 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
loader.js
cdn.m-pathy.com/modules/4.22-189/
42 KB
15 KB
Script
General
Full URL
https://cdn.m-pathy.com/modules/4.22-189/loader.js
Requested by
Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2113:1e00:18:46be:3a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
9680e489e44a0eb86a07ce5a293eb95584e51bf8cab2449a8d4a2c15b70f70b7

Request headers

Referer
https://www.bahn.de/
Origin
https://www.bahn.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 15:21:39 GMT
content-encoding
gzip
via
1.1 017f53dabba83d3e5e9416772ca309f6.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG3-C1
age
2589
x-cache
Hit from cloudfront
content-length
14517
last-modified
Thu, 25 Nov 2021 13:30:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"a72e-5d19cf9d2d300-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=2419200
accept-ranges
bytes
x-amz-cf-id
lEBEyOZq8bROSJIsMqAIs5qC6lf0SbSJ25dgDx7p5CwK_sExvSNZ4Q==
expires
Mon, 31 Jul 2023 15:21:39 GMT
s31546050083382
www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.20.0/
43 B
792 B
Image
General
Full URL
https://www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.20.0/s31546050083382?AQB=1&ndh=1&pf=1&t=3%2F6%2F2023%2016%3A4%3A48%201%200&sdid=2BF12A61A7664CEB-50B433AB89E7BE2F&mid=74183314294019761723930657922093165136&ce=UTF-8&ns=deutschebahn&pageName=bahn-de_service_mobile&g=https%3A%2F%2Fwww.bahn.de%2Fservice%2Fmobile&cc=EUR&ch=Content&c4=Content&v4=Content&c22=D%3Dv75&v22=D%3Dv75&c24=D%3DpageName&v24=D%3DpageName&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fservice%2Fmobile&v112=service_mobile&v117=de&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/service/mobile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.21.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-47.deploy.static.akamaitechnologies.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bahn.de/service/mobile
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 03 Jul 2023 16:04:48 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 04 Jul 2023 16:04:48 GMT
server
jag
etag
3625812011523571712-4619702770332313037
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, no-transform
expires
Mon, 03 Jul 2023 16:04:48 GMT
log
errors.client.optimizely.com/ Frame
0
0
Preflight
General
Full URL
https://errors.client.optimizely.com/log
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.98.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-98-13.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.bahn.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Max-Age
1800
Allow
POST,OPTIONS
Connection
keep-alive
Content-Length
13
Content-Type
text/plain
Date
Mon, 03 Jul 2023 16:04:48 GMT
log
errors.client.optimizely.com/
0
237 B
XHR
General
Full URL
https://errors.client.optimizely.com/log
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.98.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-98-13.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json

Response headers

Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
Date
Mon, 03 Jul 2023 16:04:48 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain
events
logx.optimizely.com/v1/
0
356 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.210.37.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-37-103.compute-1.amazonaws.com
Software
nginx/1.21.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 03 Jul 2023 16:04:49 GMT
Server
nginx/1.21.0
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
3dcd98fe-635a-4db0-bc95-4141dcd55100

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless object| onbeforetoggle object| onscrollend object| bahn object| skyframe object| consentLayer object| utag_data undefined| _ object| optimizely object| bahn_customer_id function| optimizely_url_contains function| optimizely_get_param function| optimizelyTracking number| startTime number| duration object| webpack_common_light function| clearImmediate function| setImmediate string| view object| digitalData function| DataLayerHelper object| softlogin string| gFSUGGEST number| gFSuggestInstanceCounter object| gFSuggestInstances string| FSuggestVersion string| FSuggestLastMod object| FSuggestFilter function| FSuggest function| reinitializeFSuggest function| checkForMatches object| SLs function| checkHWAIUsage boolean| bodySelect object| topCities object| cid boolean| utag_condload function| isInIframe object| utag function| e boolean| __tealium_twc_switch object| utag_cfg_ovrd object| teal object| helper function| ParseUserAgent object| adobe function| Visitor object| webpack_consent-layer string| globalAccount object| s number| inHeadTS function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| s_c_il number| s_c_in number| s_objectID number| s_giq object| Mpathy boolean| mpathy_loaded object| s_i_dbbahnprod

17 Cookies

Domain/Path Name / Value
.bahn.de/ Name: hl-optout
Value: 1
.bahn.de/ Name: ak_bmsc
Value: 51B4EAFF08F76B21113F39C74AD97F80~000000000000000000000000000000~YAAQkPAQAkEnDByJAQAALNd/HBRS0ICwbetftakG0JYG1+KIFu2A3TSC+5PGUsvYcctZPZbkOTs/E8xB1Wxv3i1cD68tN7lc7tfVH2rD7Nz1q7nEGh4026/89Ib2eWdZEMMi4Jhtrkgrm8QLPC2EWSR2gJDisweKxiDECnHM+pu9qm5hfDZuRpY0X/hy7uvxxNGrdFRJFOW//4NUfzAt1fjUQ22T+xq+gYxxafnJ3EQ2FY4ald/xbumeb37k3TajdG7fc4maHiWaTqcTOoFTpv1iOfvcUnvKF35nFCiZZmcnPVga7aHFdpQ2BB25WYaeVTxUFgKuu7MMlmu/Wt/Ljp6YkS2p1bQyrZjdKwWXzvwKBHfyT9EfFyej0lmPuzpLAZoK0w==
.bahn.de/ Name: optimizelyEndUserId
Value: oeu1688400287772r0.5321828187217383
.bahn.de/ Name: request_consent_v
Value: 3
.bahn.de/ Name: bm_sv
Value: B42222B19C5D69A11880ADA5DF361B8F~YAAQkPAQAr8nDByJAQAAfNh/HBRcoonJL0wtETwfVArGi+tjMclu6TKpdECqYD4WszkrvxPjl4F8C1536B77UYEedlC+41dqwBhA/JCRtpxNAJiRnLvDqIQU8uSBx4jbfAjUK2he3av8dFO+XdvbYKhtz9CGVSPPLBgxvl26K8ECJGar+4QxDLrhyewa3OIqwMiVUTvydVanpTyoD+r4p4mBdMEupo4Hx8f6/2+PAGHxXFUTzyd3TYBKHcLg~1
.bahn.de/ Name: utag_main
Value: v_id:01891c7fd877001ddb3553b214f603074002206c00b08$_sn:1$_se:1$_ss:1$_st:1688402087864$ses_id:1688400287864%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:bahn.de
.bahn.de/ Name: s_ecid
Value: MCMID%7C74183314294019761723930657922093165136
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 870038026%7CMCIDTS%7C19542%7CMCMID%7C74183314294019761723930657922093165136%7CMCAID%7CNONE%7CMCOPTOUT-1688407487s%7CNONE%7CvVersion%7C5.0.0
ps.bahn.de/ Name: AWSALB
Value: RwBBE5Bn69F3d7Qjkp0Od17yzhb8MxiBVa2KufpvKeb9fCCi/OgBX2p7OlFBkvgKFzwh4KWdVYuBqYECNabSZNHwPenphgVETdKsYlPsGT2VXufacwQ6en+cAbMX
ps.bahn.de/ Name: AWSALBCORS
Value: RwBBE5Bn69F3d7Qjkp0Od17yzhb8MxiBVa2KufpvKeb9fCCi/OgBX2p7OlFBkvgKFzwh4KWdVYuBqYECNabSZNHwPenphgVETdKsYlPsGT2VXufacwQ6en+cAbMX
ps.bahn.de/ Name: TS01d8da74
Value: 0121ca1b95337c446f02fba71c9fbbbd64dd053ba8a53ec5028fcc44736795d15fbc718c60e2ecc0eec9eefbf0ed702f5060fe5689325e15ae8956abadd4f6f4f867c9056685f704524dcebee9b1dc2d76ad509718
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: mpt_rate_comparator_3372
Value: 31.3803158684266|1690992288062
.bahn.de/ Name: mpt_followpage
Value: 0|1689609888063
.bahn.de/ Name: mpt_tracking_active_3372
Value: 0|1690992288064
.bahn.de/ Name: mpt_vid
Value: 168840028806590570|1751472288065

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de;
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a791773171.cdn.optimizely.com
assets.static-bahn.de
cdn.m-pathy.com
cdn.optimizely.com
cdn3.optimizely.com
cms.static-bahn.de
errors.client.optimizely.com
logx.optimizely.com
ps.bahn.de
www.bahn.de
www.img-bahn.de
104.102.35.199
23.215.21.47
23.215.21.78
23.37.32.235
2600:9000:20e1:1800:c:198:5740:93a1
2600:9000:2113:1e00:18:46be:3a80:93a1
2a02:26f0:3400:196::13b8
2a02:26f0:480:23::1726:6283
52.205.98.13
54.210.37.103
81.200.197.91
032db0afc485fd2abe2235d1dc81e5395af57fc8ef0981d11013c4c72e7ba122
0894489837c1ef9233a5819908e6f81f0feccf94bec3f1610498c244e593b447
0b090ef3de9395be55c51cd1df36f6aba2066bf467beea1e8639eb768fd41455
0cd5353a1fe0dc6b7b81bf31776c6a3fac1d661b0b6dd6591bdf4c57f5b8935a
14ac55335191dc13490caac44ad962d9abdea9f444652919b8f2b5217fe0e729
14d13ea8269c189b142a3e7ff0be156e80436dd448d5f6da52b21ba227acbe1c
161fecb3ebe5bffbeea2c13f5b97dddf55f4af9647a27ee5771a3f8ff2e8e4a9
197be260b9d7d1e294764119d0d174c910b9bf0d15a18ffb9db1df2680b975f3
1d9d7e07fadb6f47cb23ee8ccd1adad542c247154411a9f949e4432e14549bfc
1e79229c7df2e03d6794a4f988a4992e3324b1111a46156ef37cb96a95307e0c
2175c4afb1de7a1220ca79e885317c18895f9448663f6a2b1262f2a213e671d7
244e671ce9c1ad965f1a9f60322cd4dc55dc7ef6f50e29f19ddee8be35b8dca7
29034c4d2d216aca373da904048b86dca19efa66eba98acf689029355407cceb
333b49166e17f50a8a01c1655a4a5624984efd27ab7e2a36fed9bac8f41229de
38acdd87ab2fe42f1434b1af4bd86862954037d2a637cc01a91a0e814e92b4eb
3928fe55939ab616f94a33ded85b669ab26ea671e53a61196ac63b433fd03c32
415f10db2fd9776bcaf0a169d9455d69a614b7b7e941e418ad5e556e0cd24f8f
4c9951d2e91bf613d354f4d2f20d69df0ae3bcfffcef1b5abded73f584a10730
5d38b3e8386d2c25b3ae5a272c59337c6163955397355890040a3bddf5cb127f
60bd5eda808d876a78ad16448c09a4b81b79bc9420ba357e0619eedc4bf11160
64778b5c26d18b33b49ca999605b57c02233d5628140873ac59b2386dcd43acc
6565f827b8c4678937e4e26f98779af77304e1d87f3e81ebbafcc51b34cf7f9c
6fbe7bb33882c33a34c825016963f3866be1b698c5e664edd8aa794a7336f23f
7184e7d993c950e2d1c3812b40d1a1f534d7a6c43994ec6922055975fdfddb18
7f8b2a14ddf993f121707740b9861710887208ee9dfba03b97b3245bc6084537
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708
838c2d6d6d22074072583451bddae228041ebb6a3133b7892ca25eb26afbc6dd
8e04ee1aeda1980025084d1393df4f306c133bea1e4efb09747cbd73ec9af537
947d50a6d49299e7815a7e61efa3d8c76255ee0f809e97174a8789431d4b26ce
9680e489e44a0eb86a07ce5a293eb95584e51bf8cab2449a8d4a2c15b70f70b7
97a4b50cf23c6f16bbef4d0fa7778d92415a2b347655d7e258ed50553f40e943
9ba7319051bb586b77a46b5aa7a664f577f1e95a78be1129f12476deeef241c7
9bb64f773a49b48e32baf65f4717018bcff7cc567de18b7595ffe7e6b10f2aa4
a1c8eb1600c141e30f4aa2ad92096e25da525bf2bd29017cf0ace0f7d81e615b
a1cfbb679b97790b1f94ec2c95fdd2050069223e642f18e797503d6abf31ac87
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a30e6d88034ba9769cf08be9b3069814dfaf577fde4ad1d887b54abc2cdae057
a60a6064ac1724bb0abd0c82cc440ed072cb972ec5262430b5b42c7c859d37d1
ac850d458b1443353c2e4acf1dfbcc8ef559a4c3a54477156f89dba9d8ff5f09
baf4f927974c37dcdd31a3d3e54fc0fe8956cb2a84a68dd28a82224e05dcaacf
bbd5a134190030a84e4648653bace9063f9de7c02c7d0a87d93bc37bfa087018
be6d5b3d5bdf1155f7586566ea98d9ffad1279b1fc01819a1c439a2dd1edcf1e
c9418c11a5cd3ac8df91d3c123c60055febb79ed49a63f4f5dd39f7ae8febe8e
cc8fd7d0ac45eb34a7d792405c627c171b91815d673f51328e12c08d8bdef796
d5f688e9f96e94cf0161a50d9e167926f9d9333918f198d7e605895e285c6f71
d94894332082135766996807fe098b2f2a37b74f2f09bbc218578d9ff9981a53
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
de9ba47b71405c9fcec50bb71998201cc225c90f796a40e8f67b92c1fe5345eb
e329e312297f4c9674b3bdc6ca871a6fcc0a55a18574ab16a7a75a94725e14f8
e3989b129418112cfd9594b255d8ec6f7faa9eb0ab09607e1d1e62cd3fd01b8f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f23c52748752a96bd03ac7947b5af301adf32569925eb7508a73e4d7eefe503f
f8e2e1a340e5f7ec9d39d04a6192fa216bf444f848e45753e3b7f9ee44f2ce59