owasp.org Open in urlscan Pro
2606:4700:10::ac43:a27 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://owasp.org/www-project-proactive-controls/
Submission: On October 17 via api (October 17th 2023, 11:53:06 pm UTC) from GB — Scanned from GB

Summary HTTP 35 Redirects Links 63 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 35 HTTP transactions. The main IP is 2606:4700:10::ac43:a27, located in United States and belongs to CLOUDFLARENET, US. The main domain is owasp.org. The Cisco Umbrella rank of the primary domain is 188642.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 4th 2023. Valid for: a year.

This is the only time owasp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:4700:10:... 2606:4700:10::ac43:a27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2606:50c0:800... 2606:50c0:8002::153	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:b79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3037::6815:2011	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	140.82.121.5 140.82.121.5	36459 (GITHUB) (GITHUB)
35	6

29 2606:4700:10::ac43:a27 (United States)

ASN13335 (CLOUDFLARENET, US)

owasp.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8002::153 (United States)

ASN54113 (FASTLY, US)

buttons.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:b79 (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:2011 (United States)

ASN13335 (CLOUDFLARENET, US)

img.shields.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.82.121.5 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-5-fra.github.com

api.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	owasp.org owasp.org — Cisco Umbrella Rank: 188642	600 KB
2	shields.io img.shields.io — Cisco Umbrella Rank: 46465	3 KB
1	github.com api.github.com — Cisco Umbrella Rank: 4960	2 KB
1	licensebuttons.net licensebuttons.net — Cisco Umbrella Rank: 27666	2 KB
1	github.io buttons.github.io — Cisco Umbrella Rank: 65214	7 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	21 KB
35	6

	Domain	Requested by
29	owasp.org	owasp.org
2	img.shields.io	owasp.org
1	api.github.com	buttons.github.io
1	licensebuttons.net	owasp.org
1	buttons.github.io	owasp.org
1	www.google-analytics.com	owasp.org
35	6

This site contains links to these domains. Also see Links.

Domain
owasporg.atlassian.net
dc.globalappsec.org
lascon.org
owaspbenelux.eu
appsecpnw.org
members.owasp.org
owasp.us17.list-manage.com
www.youtube.com
creativecommons.org
twitter.com
github.com
www.linkedin.com
cheatsheetseries.owasp.org
www.coursera.org
hackercombat.com
techbeacon.com
binaryblogger.com
northeastphp2017.sched.com
www.appsecpodcast.org
appseceurope2017.sched.com
wwpi.com
assets.unisys.com
conference.phpnw.org.uk
www.thoughtworks.com
www.booz-allen.co.in
www.oreilly.com
www.owasp.org
www.qualys.com
www.datadoghq.com
www.backslash.security
detectify.com
soos.io
securityfirst.io
www.42crunch.com
www.f5.com
wallarm.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.github.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-21` - `2024-03-20`	a year	crt.sh
shields.io GTS CA 1P5	`2023-09-04` - `2023-12-03`	3 months	crt.sh
*.github.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-16` - `2024-03-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://owasp.org/www-project-proactive-controls/
Frame ID: F2182C95E3AF76AC5C3224B3CBF46B01
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OWASP Proactive Controls | OWASP Foundation

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

636 kB
Transfer

961 kB
Size

0
Cookies

63 Outgoing links

These are links going to different origins than the main page.

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/7/create/70?src=-1419759666
Title: Start a New Project...

Search URL Search Domain Scan URL

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/8/group/20/create/90?src=-1419759666
Title: Start a Local Chapter...

Search URL Search Domain Scan URL

URL: https://dc.globalappsec.org/
Title: OWASP Global AppSec DC 2023

Search URL Search Domain Scan URL

URL: https://lascon.org/
Title: OWASP LASCON 2023

Search URL Search Domain Scan URL

URL: https://owaspbenelux.eu/
Title: OWASP BeNeLux2023

Search URL Search Domain Scan URL

URL: https://appsecpnw.org/
Title: OWASP AppSec Days Pacific Northwest 2024

Search URL Search Domain Scan URL

URL: https://members.owasp.org/
Title: Membership Portal

Search URL Search Domain Scan URL

URL: https://owasp.us17.list-manage.com/subscribe?u=a8012c9e2e384bf8ea8d7deb7&id=22be76c892
Title: Subscribe to our Mailing List

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL/videos
Title: Video

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-sa/4.0/

Search URL Search Domain Scan URL

URL: https://twitter.com/OWASPControls

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3.docx
Title: project presentation

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/soareswallace1/
Title: Wallace Soares

Search URL Search Domain Scan URL

URL: https://cheatsheetseries.owasp.org/
Title: OWASP Cheat Sheet Series

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3.pdf
Title: PDF version

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_Ten_Proactive_Controls_v3.pptx
Title: PPT download

Search URL Search Domain Scan URL

URL: https://www.coursera.org/directory/videos?courseId=V1k0pBtIEemZRAqH7m9oGA
Title: Identifying Security Vulnerabilities

Search URL Search Domain Scan URL

URL: https://hackercombat.com/implement-owasp-proactive-controls-to-work/
Title: Implement OWASP Proactive Controls to Work

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Jdb3qweDc_Q
Title: Proactive Controls

Search URL Search Domain Scan URL

URL: https://techbeacon.com/security/put-owasp-top-10-proactive-controls-work
Title: Put OWASP Top 10 Proactive Controls to work

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=ldXe8f5yVq8
Title: The OWASP Top Ten Proactive Controls with Jim Manico

Search URL Search Domain Scan URL

URL: https://techbeacon.com/owasp-top-10-proactive-controls-2018-how-it-makes-your-code-more-secure
Title: OWASP Top 10 Proactive Controls 2018: How it makes your code more secure

Search URL Search Domain Scan URL

URL: https://binaryblogger.com/2018/09/17/owasp-top-10-proactive-controls-podcast-episodes/
Title: OWASP Top 10 Proactive Controls Podcast Episodes

Search URL Search Domain Scan URL

URL: https://techbeacon.com/developer-secure-code-starter-kit-resources
Title: Developer’s security guide: 50 online resources to shift left

Search URL Search Domain Scan URL

URL: https://northeastphp2017.sched.com/event/B6uo/owasp-top-10-proactive-controls-2016
Title: Northeast PHP Conference

Search URL Search Domain Scan URL

URL: https://www.appsecpodcast.org/2017/07/25/the-owasp-top-10-proactive-controls/
Title: OWASP Top 10 Proactive Controls

Search URL Search Domain Scan URL

URL: https://appseceurope2017.sched.com/event/A652/the-path-of-secure-software
Title: AppSec EU’17 - Belfast

Search URL Search Domain Scan URL

URL: http://wwpi.com/2017/02/14/managing-cloud-infrastructure-to-prevent-security-gaps/
Title: Managing Cloud Infrastructure to Prevent Security Gaps

Search URL Search Domain Scan URL

URL: http://assets.unisys.com/Documents/Global/POVPapers/POV_170062_ApplicationSecurityProgramProtectAgainstDataBreaches.pdf
Title: Application Security Program: Protect Against Data Breaches

Search URL Search Domain Scan URL

URL: http://conference.phpnw.org.uk/phpnw16/speakers/katy-anton/
Title: PHPNW16

Search URL Search Domain Scan URL

URL: https://www.thoughtworks.com/insights/blog/incorporating-security-best-practices-agile-teams
Title: Incorporating Security Best Practices into Agile Teams

Search URL Search Domain Scan URL

URL: http://www.booz-allen.co.in/content/dam/boozallen/documents/Viewpoints/2016/06/transformative-approach-to-secure-systems-delivery.pdf
Title: A Transformative Approach to Secure Systems Delivery

Search URL Search Domain Scan URL

URL: http://www.oreilly.com/webops-perf/free/devopssec.csp
Title: DevOpsSec - Securing Software through Continuous Delivery

Search URL Search Domain Scan URL

URL: https://www.owasp.org/images/a/a8/OWASPTop10ProactiveControls2016-Japanese.pdf
Title: Japanese Translation

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3-IT.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3_Chinese.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/Owasp-top-10-proactive-controls-2018-russian.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_TOP_10_Proactive_Controls_2018_V3_PL.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3-AR.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v2/OWASPTop10ProactiveControls2016-Chinese.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v2/OWASPTop10ProactiveControls2016-SimplifiedChinese.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v2/OWASPTop10ProactiveControls2016-Japanese.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v2/OWASP_Proactive_Controls_2-Hebrew.pdf
Title: PDF Download

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/index.md
Title: Edit on GitHub

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP-OPC-IEEEE-OTop10-OTMobTop10-ssdf.pdf
Title: Mapping to OWASP and IEEE Top 10

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_TOP_10_Proactive_Controls_2018_V3_PT-BR.pdf
Title: Brazilian Portuguese

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-proactive-controls/
Title: OWASP Top 10 Proactive Controls

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-sa/3.0/us/
Title: Creative Commons ShareAlike 3 License

Search URL Search Domain Scan URL

URL: https://www.qualys.com/

Search URL Search Domain Scan URL

URL: https://www.datadoghq.com/

Search URL Search Domain Scan URL

URL: https://www.backslash.security/?utm_campaign=Launch&utm_source=owasp-sponsorship&utm_medium=banner&utm_content=homepage

Search URL Search Domain Scan URL

URL: https://detectify.com/

Search URL Search Domain Scan URL

URL: https://www.thoughtworks.com/

Search URL Search Domain Scan URL

URL: https://soos.io/

Search URL Search Domain Scan URL

URL: https://securityfirst.io/

Search URL Search Domain Scan URL

URL: http://www.42crunch.com/

Search URL Search Domain Scan URL

URL: https://www.f5.com/

Search URL Search Domain Scan URL

URL: https://wallarm.com/

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OWASPFoundation

Search URL Search Domain Scan URL

URL: https://twitter.com/owasp

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/owasp/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
owasp.org/www-project-proactive-controls/ 50 KB
16 KB 260ms
172ms Document
text/html 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a299144a551ff036f333bccecbe61e267ac8b81a3eac479de7709e8d476a9eef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
age: 0
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 817c752fbc54dd23-LHR
content-encoding: br
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-type: text/html; charset=utf-8
date: Tue, 17 Oct 2023 23:52:52 GMT
expires: Tue, 17 Oct 2023 23:48:22 GMT
last-modified: Fri, 25 Aug 2023 14:08:52 GMT
permissions-policy: geolocation=(self)
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-fastly-request-id: 826fc8ce382c1ef808acf072c84464da2b1d2c82
x-frame-options: SAMEORIGIN
x-github-request-id: CF06:6A31:10ECE8:11269E:652F1AEE
x-proxy-cache: MISS
x-served-by: cache-lcy-eglc8600067-LCY
x-timer: S1697586772.462235,VS0,VE111

GET
H2 200 js.cookie.js Show response
owasp.org/www--site-theme/assets/js/ 4 KB
2 KB 63ms
60ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/js.cookie.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

357c0ad66cf329f64d356786a5dd19700f8b4498b283db0922e374e68e544298

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 24e329467654ed681f2539306672cafc0bbb72d5
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:43:20 GMT
x-served-by: cache-lcy-eglc8600072-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: BF7A:7C27:BD23FB:BF3007:65285EA2
x-timer: S1697144483.218740,VS0,VE121
etag: W/"65285dff-fce"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd1edd23-LHR
x-cache-hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 145ms
45ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 17 Oct 2023 23:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 79
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 18 Oct 2023 01:51:33 GMT

GET
H2 200 styles.css
owasp.org/www--site-theme/assets/css/ 128 KB
25 KB 57ms
54ms Stylesheet
text/css 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/css/styles.css

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea313025ebfe6e5677fceab5f9bfa510ec1f4da1312358339f00b0d26f45a447

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 120f8d6db5ba5c258b9e134fc65e826a713312da
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: HIT
x-cache: HIT
expires: Tue, 17 Oct 2023 22:36:13 GMT
x-served-by: cache-lcy-eglc8600039-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:46 GMT
server: cloudflare
x-github-request-id: 202A:A04C:BDC2B4:BFCDFA:65285E84
x-timer: S1697144483.219155,VS0,VE114
etag: W/"65285e06-1fe9b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd20dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 jquery-3.4.1.min.js Show response
owasp.org/www--site-theme/assets/js/ 86 KB
31 KB 60ms
57ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 7ab6a1c130c9310f1e59bf8def91778af2b0fc31
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:43:20 GMT
x-served-by: cache-lcy-eglc8600053-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: 1A8E:C562:B9AAA4:BBC8EC:65285EA2
x-timer: S1697144483.349405,VS0,VE114
etag: W/"65285dff-15851"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd21dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 util.js Show response
owasp.org/www--site-theme/assets/js/ 2 KB
3 KB 58ms
56ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/util.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 3296cc47a2039ae205c0e8f194d673919509e7cf
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: HIT
x-cache: MISS
expires: Tue, 17 Oct 2023 22:42:06 GMT
x-served-by: cache-lcy-eglc8600058-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: 97AA:1AB2:C3A04E:C5DC29:65285EA3
x-timer: S1697144484.555172,VS0,VE117
etag: W/"65285dff-89b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd22dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 yaml.min.js Show response
owasp.org/www--site-theme/assets/js/ 42 KB
11 KB 63ms
61ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/yaml.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 2b4fcf1868b76228159fbd62e64f76bfbe5bb523
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: HIT
x-cache: HIT
expires: Tue, 17 Oct 2023 22:39:46 GMT
x-served-by: cache-lcy-eglc8600065-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: C874:7C27:BE19DF:C02931:65285F7E
x-timer: S1697145176.421038,VS0,VE1
etag: W/"65285dff-a944"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd23dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 luxon.min.js Show response
owasp.org/www--site-theme/assets/js/ 68 KB
23 KB 61ms
59ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/luxon.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f46950820ce4e5032d2519c3b0c2a73f48b64071b5efd95b7f52d3755f69d3ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 57401f752e3ea326b7ac85007f6b1de0a02b4d24
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:43:20 GMT
x-served-by: cache-lcy-eglc8600064-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: CBB0:D2B7:BD99B0:BFAF39:65285EA3
x-timer: S1697144484.761448,VS0,VE126
etag: W/"65285dff-111e3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd24dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 kjua.min.js Show response
owasp.org/www--site-theme/assets/js/ 28 KB
11 KB 59ms
57ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/kjua.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 2607d5df92d424daab0f5fb9dca03192bc4238d9
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:35:52 GMT
x-served-by: cache-lcy-eglc8600071-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: 7622:F3E4:B9BBBB:BBD8FD:65285EA3
x-timer: S1697144484.820261,VS0,VE105
etag: W/"65285dff-6f0d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 817c7530dd25dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 buttons.js Show response
buttons.github.io/ 19 KB
7 KB 81ms
27ms Script
application/javascript 2606:50c0:8002::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons.github.io/buttons.js
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 0738580e85e7fdef026f377d497b2791985a1b161bb9b573ed15798e1d91ea48

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 13727cfc036dcbfd05b5dc5a6e0e8fe1ecc68844
date: Tue, 17 Oct 2023 23:52:52 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 1
age: 423
x-cache: HIT
x-proxy-cache: MISS
content-length: 6828
x-served-by: cache-man4140-MAN
last-modified: Mon, 09 Oct 2023 15:23:10 GMT
server: GitHub.com
x-github-request-id: E110:D879:101BAF4:1057CF4:6524D11F
x-timer: S1697586773.781976,VS0,VE1
etag: W/"65241ade-4d5e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Tue, 10 Oct 2023 04:30:50 GMT

GET
H2 200 logo.png
owasp.org/assets/images/ 11 KB
13 KB 64ms
62ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: f2899ff09ac52a22c695926243c47284e0cdb4d7
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:34:46 GMT
content-length: 11091
x-served-by: cache-lcy-eglc8600043-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:53 GMT
server: cloudflare
x-github-request-id: EAC6:458A:121C862:1253E8A:652EA63B
x-timer: S1697556028.641460,VS0,VE115
etag: "652ea529-2b53"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7530dd26dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 88x31.png
licensebuttons.net/l/by-sa/4.0/ 1 KB
2 KB 124ms
39ms Image
image/png 2606:4700:10::6816:b79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by-sa/4.0/88x31.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:b79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08e14ab3d42e97ef3a9134a75af83c2fbbc33acca238e4f9371ae58c696aee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1012
cf-polished: origSize=5083
content-length: 1515
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
etag: "5eab4a31-13db"
x-frame-options: deny
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 817c753168ed60f6-LHR

GET
H2 200 www-project-proactive-controls
img.shields.io/github/stars/OWASP/ 3 KB
2 KB 361ms
272ms Image
image/svg+xml 2606:4700:3037::6815:2011
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/github/stars/OWASP/www-project-proactive-controls?label=Stars&style=social
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2011 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812f9764472aae35126307dd35703b549f428faa447c7f7da791d4c77baf4b54

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 23:52:53 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
fly-request-id: 01HD00WYSQZMAPCSF320PHT138-lhr
last-modified: Mon, 16 Oct 2023 21:16:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8rygUMu2Vy05H6ejrSbwnFETKEWdnncokucGblGXv88NdlfdUDSAMKyqjS4gdX0e7zn3inWi7yImkEigaiokIlz2kGt9vh%2Fc5FOTVheUiS%2B%2B%2BEtreN3IaU7rZ9RXULh3TkxkTbStmCDgYWqcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900, s-maxage=900
cf-ray: 817c7531d8be2502-LHR
expires: Wed, 18 Oct 2023 00:07:52 GMT

GET
H2 200 OWASPControls.svg
img.shields.io/twitter/follow/ 2 KB
1 KB 173ms
130ms Image
image/svg+xml 2606:4700:3037::6815:2011
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/twitter/follow/OWASPControls.svg?style=social&label=Follow
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2011 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb51822e7fd0689812661d84ef9d41d53b8019e0d07217446cdc4223b62a0dfd

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 23:52:52 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
fly-request-id: 01HD00WYSQHXQ57MGJPZ970WH0-lhr
last-modified: Mon, 16 Oct 2023 21:16:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BQZRT6TlhiVax7BRIKPFdx3Z8Y3S6nZIc3chNtTXyub2tiTUDOQLDf4pjV7SDEs0lKAnD1IKd0p%2BgSeACXRhG4zj%2BX73JoYMhrotFNvxxM%2FqcZjmciCtAttIv5Dj4L4FMVPs18swnEvFSc4tA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
cf-ray: 817c7531d8bf2502-LHR
expires: Wed, 18 Oct 2023 23:52:52 GMT

GET
H2 200 email-decode.min.js Show response
owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
817 B 34ms
34ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 23:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2023 07:45:52 GMT
server: cloudflare
etag: W/"6523afb0-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 817c75318d96dd23-LHR
expires: Thu, 19 Oct 2023 23:52:52 GMT

GET
H2 200 fa-solid-900.woff2
owasp.org/assets/fontawesome/ 74 KB
74 KB 175ms
174ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-solid-900.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 588aaac8314c08c5406d121cd21c1107b9f9ac61
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:36:13 GMT
content-length: 75440
x-served-by: cache-lcy-eglc8600066-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:53 GMT
server: cloudflare
x-github-request-id: 6FE8:11957:12F4917:132E537:652EA63C
x-timer: S1697556029.822450,VS0,VE121
etag: "652ea529-126b0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c75319d9add23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 ubuntu-regular.woff2
owasp.org/assets/font/ 29 KB
31 KB 173ms
173ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-regular.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: d88fdc5db565cdfbb302ababcb8526dfc71d3ed8
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:36:13 GMT
content-length: 29476
x-served-by: cache-lcy-eglc8600071-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:53 GMT
server: cloudflare
x-github-request-id: 77EC:5906:2C1687:2C8A9C:652EA63C
x-timer: S1697556029.819360,VS0,VE114
etag: "652ea529-7324"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c75319d9bdd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 ubuntu-medium.woff2
owasp.org/assets/font/ 28 KB
28 KB 165ms
165ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-medium.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: d5b8e7b6d7e352eda22058c628a89aedd44693fb
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:36:13 GMT
content-length: 28576
x-served-by: cache-lcy-eglc8600068-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:53 GMT
server: cloudflare
x-github-request-id: 386C:309C:134D0AE:1386F23:652EA63C
x-timer: S1697556029.940826,VS0,VE123
etag: "652ea529-6fa0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7531cdc6dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 fa-brands-400.woff2
owasp.org/assets/fontawesome/ 73 KB
73 KB 56ms
56ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-brands-400.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f49b8706547682e2c5ed6642a2f2dcbd287da458314b967c60d774aa7edb473

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 2a0792527700578ff6e6cea1804a80fb1ce1377b
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:36:13 GMT
content-length: 74508
x-served-by: cache-lcy-eglc8600052-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:53 GMT
server: cloudflare
x-github-request-id: DF5C:E278:12B958E:12F41FB:652EA64A
x-timer: S1697556187.257463,VS0,VE6
etag: "652ea529-1230c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7531cdc7dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 banner-data.yml Show response
owasp.org/www-project-proactive-controls/assets/sitedata/ 734 B
2 KB 164ms
164ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-proactive-controls/assets/sitedata/banner-data.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ff87211a6a1e788fdea117ba81b8676bd41189423ebde72ed7fe19447acdf5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 0f1f6a882b6b9cb39c70ce9b27b869a8db2ea9d7
date: Tue, 17 Oct 2023 23:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 0
x-cache: HIT
expires: Tue, 17 Oct 2023 23:57:39 GMT
x-cache-hits: 0
x-served-by: cache-lcy-eglc8600066-LCY
referrer-policy: same-origin
last-modified: Fri, 25 Aug 2023 14:08:46 GMT
server: cloudflare
x-github-request-id: EF36:3A5F:3D111:3E12F:652F1D1B
x-timer: S1697586773.795334,VS0,VE105
etag: W/"64e8b5ee-2de"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 817c7531ddcbdd23-LHR
x-proxy-cache: MISS

GET
H2 200 popup-data.yml Show response
owasp.org/www-project-proactive-controls/assets/sitedata/ 1 KB
2 KB 158ms
158ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-proactive-controls/assets/sitedata/popup-data.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 36e4ad64345bf8a289664a6be41c6d3098015e37
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 0
x-cache: HIT
expires: Tue, 17 Oct 2023 23:57:39 GMT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600039-LCY
referrer-policy: same-origin
last-modified: Fri, 25 Aug 2023 14:08:46 GMT
server: cloudflare
x-github-request-id: AE82:3A5F:3D151:3E15B:652F1D1B
x-timer: S1697586773.969386,VS0,VE105
etag: W/"64e8b5ee-539"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 817c7532eecedd23-LHR
x-proxy-cache: MISS

GET
H2 200 menus.json Show response
owasp.org/www--site-theme/assets/sitedata/ 6 KB
2 KB 51ms
51ms XHR
application/json 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/sitedata/menus.json

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b50cb3ee0bc285344927486e9494b9c032502d1093568e5eb3497aae8fbc5972

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://owasp.org/www-project-proactive-controls/
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: d632b22df63501aad5f4669390bee11a64bcbc61
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 430
x-cache: HIT
x-proxy-cache: MISS
expires: Tue, 17 Oct 2023 22:35:31 GMT
x-served-by: cache-lcy-eglc8600037-LCY
referrer-policy: same-origin
last-modified: Thu, 12 Oct 2023 20:58:39 GMT
server: cloudflare
x-github-request-id: 4B80:F67E:C185CA:C396FE:652F09DA
x-timer: S1697586773.132591,VS0,VE1
etag: W/"65285dff-1842"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 817c7533ff77dd23-LHR
x-cache-hits: 1

GET
H2 200 events.yml Show response
owasp.org/assets/sitedata/ 3 KB
5 KB 60ms
60ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/events.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa617265caef0f84f08cd160302c2c27568832435836e2dee0ec52e3567f9d17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 405c9afde839198fb858dfb9b7364ee3fe0f3ab4
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 104
x-cache: HIT
expires: Tue, 17 Oct 2023 22:34:02 GMT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600066-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: C5D0:9445:1B645B0:1BB46C8:652F09DB
x-timer: S1697586773.143199,VS0,VE1
etag: W/"652ea527-b8a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 817c7533ff7add23-LHR
x-origin-cache: HIT
x-proxy-cache: HIT

GET
H2 200 corp_members.yml Show response
owasp.org/assets/sitedata/ 121 KB
122 KB 176ms
176ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/corp_members.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f31727e48cccfd32eda6d3a18beefef2c39d36f328b9182aec6e7aa2eb67c7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 5dc4bc52e26a72edee290e078ec6d98a09b5e014
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 0
x-cache: HIT
expires: Tue, 17 Oct 2023 22:35:31 GMT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600035-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 459C:B688:1B455E2:1B95636:652F09DB
x-timer: S1697586773.206479,VS0,VE116
etag: W/"652ea527-1e577"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 817c75346fb0dd23-LHR
x-origin-cache: HIT
x-proxy-cache: MISS

GET
H2 200 qualys.png
owasp.org/assets/images/corp-member-logo/ 18 KB
18 KB 182ms
180ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/qualys.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b99660d51cd8a2850bf72971ae1547abc4a30991c6d50d0eeee18631b47fbc87

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 11b91ed7ecdad3523445a2c3970be491fbd3aa63
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Tue, 17 Oct 2023 22:35:32 GMT
content-length: 17920
x-served-by: cache-lcy-eglc8600052-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 2352:CCB7:12E93D6:132423B:652EA6DB
x-timer: S1697556188.873800,VS0,VE119
etag: "652ea527-4600"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8f2dd23-LHR
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 Datadog_logo.png
owasp.org/assets/images/corp-member-logo/ 17 KB
19 KB 168ms
166ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Datadog_logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c4128ffe5e532cd9499d95a156894753335ba3277b71e99b0c7863ef221173c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 5bf8a2cc2b1b9b49f56a4cbc952906d557e3034d
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:43:12 GMT
content-length: 17558
x-served-by: cache-lcy-eglc8600073-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 8834:CCB7:12E17CB:131C4E1:652EA685
x-timer: S1697556559.538290,VS0,VE1
etag: "652ea527-4496"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8f4dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 Backslash-logo.png
owasp.org/assets/images/corp-member-logo/ 6 KB
6 KB 61ms
59ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Backslash-logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2fbf87029bd0ef0f1040027dcf7d19c9a425f93a584f9cadb55e1c077af7d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 7cc5875f061dccc4f342af75362fb19c49d53f85
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:49:05 GMT
content-length: 6352
x-served-by: cache-lcy-eglc8600074-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: DF64:B5F9:1344C93:137FB54:652EA64B
x-timer: S1697556926.480432,VS0,VE6
etag: "652ea527-18d0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8f7dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 detectify.png
owasp.org/assets/images/corp-member-logo/ 5 KB
5 KB 186ms
185ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/detectify.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1fbeb0a04865111678b1dbf25f433cf33bd4a7c188e06c3831177815f95819

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 3b4572d3c0f094ae0199d6b36fc61aa32c9a6757
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Wed, 18 Oct 2023 00:02:53 GMT
content-length: 4861
x-served-by: cache-lcy-eglc8600033-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: E038:E278:12BECE3:12F9A49:652EA687
x-timer: S1697556619.737497,VS0,VE3
etag: "652ea527-12fd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8f8dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 thoughtworks.png
owasp.org/assets/images/corp-member-logo/ 10 KB
11 KB 173ms
171ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/thoughtworks.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3ba8639cac126f88d3aa559b4636b9b9e2d277058c5da9cda5700c6283454e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 0d8303c8e39c4a8ed1a92e2679c320ae364757a3
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 23:10:55 GMT
content-length: 10642
x-served-by: cache-lcy-eglc8600029-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 972C:89FE:4C736:4D617:652ED2D7
x-timer: S1697568287.093042,VS0,VE113
etag: "652ea527-2992"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8fadd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 SOOS_Logo_Dark.png
owasp.org/assets/images/corp-member-logo/ 13 KB
15 KB 66ms
65ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/SOOS_Logo_Dark.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28967e81853c09e1496e20199d4f3cbb51224bd3d1081338d91c19e4777d490b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 1188f6fcb73fe20d8a1ec5e6b6195e7ff8383cfd
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:36:14 GMT
content-length: 13673
x-served-by: cache-lcy-eglc8600039-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: C766:9EC9:12FA6BD:1335504:652EA66C
x-timer: S1697556619.732297,VS0,VE1
etag: "652ea527-3569"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8fbdd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 SecurityFirstLogo.png
owasp.org/assets/images/corp-member-logo/ 8 KB
8 KB 161ms
160ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/SecurityFirstLogo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2da11c6216be6fdd1cb05a9099e69b73a28d032758e857a07f88cd94abc1e3f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: d5478c00736b5a2a0b6518c4a99ea6013f17dd92
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 23:23:14 GMT
content-length: 7857
x-served-by: cache-lcy-eglc8600023-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 4196:309C:135CF99:1397087:652EA6E7
x-timer: S1697556781.602907,VS0,VE2
etag: "652ea527-1eb1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8fcdd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 42Crunch.png
owasp.org/assets/images/corp-member-logo/ 19 KB
19 KB 171ms
170ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/42Crunch.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8ee7b529e1420b2a0a432ecb5001fbc1ab9a2df9f9ef96d2b70fbc14cb7dff2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 6814986b1cc48b3afb4a04f8ee459bf0bc8620c9
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:51:06 GMT
content-length: 19082
x-served-by: cache-lcy-eglc8600052-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 63A8:D447:1315AC6:134F8FD:652EA64B
x-timer: S1697556188.668377,VS0,VE114
etag: "652ea527-4a8a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8fddd23-LHR
x-cache-hits: 1

GET
H2 200 f5_logo.png
owasp.org/assets/images/corp-member-logo/ 23 KB
23 KB 73ms
72ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/f5_logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4de6f47161ded07dd11d72dd45306ea1a02e24108dc8c001225b2d934d74351a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 2500f8d05a101e510e49f5abd2f5c5ef207a016b
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Tue, 17 Oct 2023 22:39:31 GMT
content-length: 23303
x-served-by: cache-lcy-eglc8600064-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: 1FB2:11957:13169C1:1350BB4:652EA7BF
x-timer: S1697557237.795768,VS0,VE2
etag: "652ea527-5b07"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a8fedd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 wallarm.png
owasp.org/assets/images/corp-member-logo/ 2 KB
4 KB 179ms
178ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/wallarm.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-proactive-controls/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f3437ff8d5b6eb94987fc734a1b193fbad437b323bd754fac21e83cc252b76b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://owasp.org/www-project-proactive-controls/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-fastly-request-id: 4b407ef366521833d112ba7abd6e9c0ba2e1dafe
date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: HIT
expires: Wed, 18 Oct 2023 00:02:53 GMT
content-length: 2309
x-served-by: cache-lcy-eglc8600069-LCY
referrer-policy: same-origin
last-modified: Tue, 17 Oct 2023 15:15:51 GMT
server: cloudflare
x-github-request-id: B5E6:E42E:1324B54:135E0BB:652EA870
x-timer: S1697557139.534938,VS0,VE111
etag: "652ea527-905"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 817c7535a902dd23-LHR
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 www-project-proactive-controls Show response
api.github.com/repos/owasp/ 7 KB
2 KB 360ms
228ms XHR
application/json 140.82.121.5
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/owasp/www-project-proactive-controls

Requested by

Host: buttons.github.io
URL: https://buttons.github.io/buttons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.5 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-5-fra.github.com

Software

GitHub.com /

Resource Hash

8db06da0e69d9004076c08b01057f505f302110210c88f3007496f570bbac634

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 23:52:53 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 4
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
content-length: 1411
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Thu, 31 Aug 2023 20:39:01 GMT
server: GitHub.com
x-github-request-id: D772:11148:35FE6C:36AC01:652F1E55
etag: W/"e71384a1964682f7005044248c1623a251ef3240d04ca92af16f40a2d3aaeae0"
vary: Accept, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control: public, max-age=60, s-maxage=60
x-ratelimit-resource: core
x-ratelimit-reset: 1697589700
x-ratelimit-limit: 60
accept-ranges: bytes
x-ratelimit-remaining: 56

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org https://render.com https://.render.com https://okteto.com https://.okteto.com data: www.w3.org https://.bestpractices.dev https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
buttons.github.io
img.shields.io
licensebuttons.net
owasp.org
www.google-analytics.com
140.82.121.5
2606:4700:10::6816:b79
2606:4700:10::ac43:a27
2606:4700:3037::6815:2011
2606:50c0:8002::153
2a00:1450:4001:80e::200e
0738580e85e7fdef026f377d497b2791985a1b161bb9b573ed15798e1d91ea48
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0f31727e48cccfd32eda6d3a18beefef2c39d36f328b9182aec6e7aa2eb67c7a
1f3437ff8d5b6eb94987fc734a1b193fbad437b323bd754fac21e83cc252b76b
1f49b8706547682e2c5ed6642a2f2dcbd287da458314b967c60d774aa7edb473
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28967e81853c09e1496e20199d4f3cbb51224bd3d1081338d91c19e4777d490b
357c0ad66cf329f64d356786a5dd19700f8b4498b283db0922e374e68e544298
44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55
4c4128ffe5e532cd9499d95a156894753335ba3277b71e99b0c7863ef221173c
4de6f47161ded07dd11d72dd45306ea1a02e24108dc8c001225b2d934d74351a
53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a
7c2fbf87029bd0ef0f1040027dcf7d19c9a425f93a584f9cadb55e1c077af7d1
812f9764472aae35126307dd35703b549f428faa447c7f7da791d4c77baf4b54
8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458
8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089
8c1fbeb0a04865111678b1dbf25f433cf33bd4a7c188e06c3831177815f95819
8db06da0e69d9004076c08b01057f505f302110210c88f3007496f570bbac634
a299144a551ff036f333bccecbe61e267ac8b81a3eac479de7709e8d476a9eef
b3ba8639cac126f88d3aa559b4636b9b9e2d277058c5da9cda5700c6283454e4
b50cb3ee0bc285344927486e9494b9c032502d1093568e5eb3497aae8fbc5972
b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085
b99660d51cd8a2850bf72971ae1547abc4a30991c6d50d0eeee18631b47fbc87
bb51822e7fd0689812661d84ef9d41d53b8019e0d07217446cdc4223b62a0dfd
c08e14ab3d42e97ef3a9134a75af83c2fbbc33acca238e4f9371ae58c696aee0
c2da11c6216be6fdd1cb05a9099e69b73a28d032758e857a07f88cd94abc1e3f
c8ee7b529e1420b2a0a432ecb5001fbc1ab9a2df9f9ef96d2b70fbc14cb7dff2
cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e7ff87211a6a1e788fdea117ba81b8676bd41189423ebde72ed7fe19447acdf5
ea313025ebfe6e5677fceab5f9bfa510ec1f4da1312358339f00b0d26f45a447
ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de
f46950820ce4e5032d2519c3b0c2a73f48b64071b5efd95b7f52d3755f69d3ce
fa617265caef0f84f08cd160302c2c27568832435836e2dee0ec52e3567f9d17

owasp.org Open in urlscan Pro 2606:4700:10::ac43:a27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

35 Requests

100 %HTTPS

83 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

636 kBTransfer

961 kBSize

0 Cookies

63 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

owasp.org Open in urlscan Pro
2606:4700:10::ac43:a27 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

636 kB
Transfer

961 kB
Size

0
Cookies

35 HTTP transactions
0 data transactions