Submitted URL: https://secure2.xmdmed.com/
Effective URL: https://secure.xmdmed.com/
Submission: On January 12 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 10 HTTP transactions. The main IP is 208.123.82.3, located in Austin, United States and belongs to DATABANK-ZCOLO, US. The main domain is secure.xmdmed.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on September 28th 2023. Valid for: a year.
This is the only time secure.xmdmed.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 208.123.82.4 27325 (DATABANK-...)
7 208.123.82.3 27325 (DATABANK-...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
10 2
Apex Domain | Subdomains | Transfer
8 xmdmed.com | secure2.xmdmed.com, secure.xmdmed.com | 216 KB
3 cloudflareinsights.com | static.cloudflareinsights.com — Cisco Umbrella Rank: 811; cloudflareinsights.com — Cisco Umbrella Rank: 794 | 7 KB
10 2
Domain Requested by
7 secure.xmdmed.com secure.xmdmed.com
2 cloudflareinsights.com static.cloudflareinsights.com
1 static.cloudflareinsights.com secure.xmdmed.com
1 secure2.xmdmed.com 1 redirects
10 4
Subject | Issuer | Validity | Valid
secure.xmdmed.com | GeoTrust TLS RSA CA G1 | 2023-09-28 - 2024-10-28 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year

This page contains 1 frames:

Primary Page: https://secure.xmdmed.com/
Frame ID: E3E1CFB06577797CB57B904F1BF466C8
Requests: 9 HTTP requests in this frame

Page Title

XMD | Employee Portal

Page URL History

  1. https://secure2.xmdmed.com/ HTTP 302
    https://secure.xmdmed.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10 Requests
100 % HTTPS
33 % IPv6
2 Domains
4 Subdomains
2 IPs
1 Countries
222 kB Transfer
404 kB Size
0 Cookies

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
secure.xmdmed.com/
Redirect Chain
  • https://secure2.xmdmed.com/
  • https://secure.xmdmed.com/
7 KB
5 KB
Document
General
Full URL
https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
fcf75d0926f9c15741c68197f20e6d342409b890a84ce4cf8770b6c3540a141d
Security Headers
Name Value
Content-Security-Policy img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
2167
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Content-Type
text/html; charset=UTF-8
Date
Fri, 12 Jan 2024 23:39:29 GMT
Expires
0
Keep-Alive
timeout=5, max=200
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=631138519; includeSubDomains
Vary
Accept-Encoding
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
max-age=604800, public
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'self' ; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';
Content-Type
text/html; charset=UTF-8
Date
Fri, 12 Jan 2024 23:39:29 GMT
Keep-Alive
timeout=5, max=100
Location
https://secure.xmdmed.com/
Server
Apache/2.4.57 (Debian)
Strict-Transport-Security
max-age=631138519; includeSubDomains
X-Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-WebKit-CSP
default-src 'self'
X-XSS-Protection
1; mode=block
bootstrap.min.css
secure.xmdmed.com/bootstrap/css/
120 KB
22 KB
Stylesheet
General
Full URL
https://secure.xmdmed.com/bootstrap/css/bootstrap.min.css
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Date
Fri, 12 Jan 2024 23:39:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
19883
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 04 Nov 2017 01:46:22 GMT
Server
Apache
ETag
"1deac-55d1e6372083b-gzip"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=199
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Expires
0
ie-emulation-modes-warning.js
secure.xmdmed.com/bootstrap/js/
2 KB
4 KB
Script
General
Full URL
https://secure.xmdmed.com/bootstrap/js/ie-emulation-modes-warning.js
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
6d7c9f6ece6c8ae31d4ac7728f3db3813364d31b8e2ca8ee816bc57d20d46aea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Date
Fri, 12 Jan 2024 23:39:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
1042
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 04 Nov 2017 01:46:22 GMT
Server
Apache
ETag
"852-55d1e637217db-gzip"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=200
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Expires
0
XMDLogo_2020.png
secure.xmdmed.com/img/
116 KB
119 KB
Image
General
Full URL
https://secure.xmdmed.com/img/XMDLogo_2020.png
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
bb7ca6cda7f3446c319a4221ebba3b2b3a4ca8e68d358026c283c5d3292af647

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires
0
Date
Fri, 12 Jan 2024 23:39:30 GMT
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
119059
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sun, 18 Jun 2023 13:35:35 GMT
Server
Apache
ETag
"1d113-5fe677e28e19d"
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=199
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
jquery-3.4.1.min.js
secure.xmdmed.com/js/
86 KB
33 KB
Script
General
Full URL
https://secure.xmdmed.com/js/jquery-3.4.1.min.js
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Date
Fri, 12 Jan 2024 23:39:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
30677
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 08 Feb 2020 20:47:38 GMT
Server
Apache
ETag
"15851-59e169dd8f46f-gzip"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=200
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Expires
0
bootstrap.min.js
secure.xmdmed.com/bootstrap/js/
36 KB
12 KB
Script
General
Full URL
https://secure.xmdmed.com/bootstrap/js/bootstrap.min.js
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
Security Headers
Name Value
Content-Security-Policy img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Date
Fri, 12 Jan 2024 23:39:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
9745
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 04 Nov 2017 01:46:22 GMT
Server
Apache
ETag
"8fd0-55d1e637217db-gzip"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=200
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
Expires
0
beacon.min.js
static.cloudflareinsights.com/
20 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.xmdmed.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 23:39:30 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
84493d39086b3611-FRA
glyphicons-halflings-regular.woff2
secure.xmdmed.com/bootstrap/fonts/
18 KB
20 KB
Font
General
Full URL
https://secure.xmdmed.com/bootstrap/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: secure.xmdmed.com
URL: https://secure.xmdmed.com/bootstrap/css/bootstrap.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.123.82.3 Austin, United States, ASN27325 (DATABANK-ZCOLO, US),
Reverse DNS
net208-123-82-3.static-customer.corenap.com
Software
Apache /
Resource Hash
7882b1fe56ec16311aed154afc1578601c4fad824da307100cbd641b35bec919
Security Headers
Name Value
Content-Security-Policy img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.xmdmed.com/bootstrap/css/bootstrap.min.css
Origin
https://secure.xmdmed.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires
0
Date
Fri, 12 Jan 2024 23:39:30 GMT
Content-Security-Policy
img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=631138519; includeSubDomains
Connection
Keep-Alive
Content-Length
18028
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 04 Nov 2017 01:46:22 GMT
Server
Apache
ETag
"466c-55d1e637217db"
X-Frame-Options
DENY
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=198
X-WebKit-CSP
default-src 'self' data: 'unsafe-inline' blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' *.cloudflareinsights.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
rum
cloudflareinsights.com/cdn-cgi/
0
0
Preflight
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://secure.xmdmed.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://secure.xmdmed.com
access-control-max-age
86400
cf-ray
84493d3c5d24929f-FRA
content-encoding
gzip
content-type
text/plain
date
Fri, 12 Jan 2024 23:39:30 GMT
server
cloudflare
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
rum
cloudflareinsights.com/cdn-cgi/
0
37 B
XHR
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://secure.xmdmed.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
content-type
application/json

Response headers

date
Fri, 12 Jan 2024 23:39:30 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://secure.xmdmed.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
84493d3c6d2e929f-FRA

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function validateForm
function $
function jQuery
object __cfBeacon

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy img-src 'self' https://*.formsite.com https://chart.apis.google.com https://assets.grammarly.com https://xmd-images.s3.amazonaws.com https://s3-external-1.amazonaws.com https://media.twiliocdn.com https://api.twilio.com https://*.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://*.zendesk.com https://static.zdassets.com https://*.xmdmed.com blob: https://*.xmdmed.com/ https://media.smooch.io 'unsafe-inline' https://maps.google.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.cloudflareinsights.com https://maps.googleapis.com https://developers.google.com https://maps.google.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://unpkg.com https://*.grammarly.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self' blob: https://s3.amazonaws.com https://*.xmdmed.com; font-src 'self' https://*.gstatic.com https: data:; connect-src 'self' https://cloudflareinsights.com https://*.grammarly.com https://*.grammarly.io https://xmdpbx002.3cx.us:5001 https://xmdpbx001.3cx.us:5001 https://*.zdassets.com https://*.zendesk.com https://api.smooch.io https://*.xmdmed.com https wss: https://ecs.us1.twilio.com; default-src 'self' https://*.xmdmed.com blob: 'unsafe-inline' https://www.google.com https://s3.amazonaws.com;
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s3.amazonaws.com https://*.xmdmed.com; script-src 'unsafe-inline' 'self' https://xmdpbx002.3cx.us:5001 *.cloudflareinsights.com https://xmdpbx001.3cx.us:5001 https://*.googleapis.com https://www.google.com https://*.gstatic.com; font-src 'self' https://*.gstatic.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block