Submitted URL: https://blablacar.order6611.info/
Effective URL: https://www.blablacar.com/
Submission: On June 20 via api from US — Scanned from NL

Summary

This website contacted 1 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 34.160.222.75, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.blablacar.com.
TLS certificate: Issued by R11 on June 10th 2024. Valid for: 3 months.
This is the only time www.blablacar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 15 34.160.222.75 396982 (GOOGLE-CL...)
13 1
Apex Domain
Subdomains
Transfer
13 blablacar.com
www.blablacar.com
180 KB
2 blablacar.co.uk
blablacar.co.uk
www.blablacar.co.uk
679 B
1 order6611.info
blablacar.order6611.info
551 B
13 3
Domain Requested by
13 www.blablacar.com 1 redirects www.blablacar.com
1 www.blablacar.co.uk
1 blablacar.co.uk 1 redirects
1 blablacar.order6611.info 1 redirects
13 4
Subject Issuer Validity Valid
blablacar.com
R11
2024-06-10 -
2024-09-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.blablacar.com/
Frame ID: 905A0C2ED7465018362AD15EE009F121
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

BlaBlaCar

Page URL History Show full URLs

  1. https://blablacar.order6611.info/ HTTP 302
    https://www.blablacar.com/ Page URL

Page Statistics

13
Requests

92 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

1
IPs

1
Countries

180 kB
Transfer

430 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blablacar.order6611.info/ HTTP 302
    https://www.blablacar.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.blablacar.com/favicon.ico HTTP 302
  • https://blablacar.co.uk/favicon.ico HTTP 301
  • https://www.blablacar.co.uk/favicon.ico

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.blablacar.com/
Redirect Chain
  • https://blablacar.order6611.info/
  • https://www.blablacar.com/
21 KB
5 KB
Document
General
Full URL
https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
27bc948df7a9882d3dbcf21670bfd426502efff95e7e5d716b7db5e0bab47b81
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
1880
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600, immutable
content-encoding
gzip
content-length
4243
content-security-policy
frame-ancestors none
content-type
text/html
date
Wed, 19 Jun 2024 23:29:11 GMT
last-modified
Thu, 02 May 2024 07:27:02 GMT
permissions-policy
geolocation=(), microphone=(), camera=()
referrer-policy
no-referrer
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
2
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
89677aa12cf11cce-AMS
content-type
text/html; charset=UTF-8
date
Thu, 20 Jun 2024 00:00:31 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://www.blablacar.com/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ipVcEe7UFIZAiPJlCLsAThVsbzQ3ZteGrvGX7D6e2kjPNeuK5DxHYzvItOOt2vdbnHxi4ULlCLSc7QhOztNhF0oX61j77L2I8CTSVmOn2LMXg56zrVmIr1NP68gRhgKYDsswUPxPy76nMBWiOO%2FjDZbqD9Ul%2F2A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
f78c879f46593d54-s.p.woff2
www.blablacar.com/_next/static/media/
56 KB
56 KB
Font
General
Full URL
https://www.blablacar.com/_next/static/media/f78c879f46593d54-s.p.woff2
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
60e3e5dbcadfd59d69e7dc88ae0bcca8e419b7f637240a288c94d82ee2567eaf
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://www.blablacar.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Fri, 31 May 2024 17:22:14 GMT
via
1.1 google
age
1665497
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57388
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
etag
"66334046-e02c"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
b55371ca8243f777.css
www.blablacar.com/_next/static/css/
12 KB
3 KB
Stylesheet
General
Full URL
https://www.blablacar.com/_next/static/css/b55371ca8243f777.css
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
6b09f5dcfdf02d28717c7313f7ada0361188721a30675ae8991ec75c12ff683a
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 04:59:39 GMT
content-encoding
gzip
via
1.1 google
age
1623652
x-dns-prefetch-control
off
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2909
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
webpack-0382f5793ca24c0c.js
www.blablacar.com/_next/static/chunks/
3 KB
2 KB
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/webpack-0382f5793ca24c0c.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
63b11280db9e417b36f1bf25f5cb713286ccfe87c310b67ec4798ddacba0c674
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Tue, 04 Jun 2024 22:17:17 GMT
content-encoding
gzip
via
1.1 google
age
1302194
x-dns-prefetch-control
off
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1669
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
2b56d4bd-8ce43bf14d89c7e1.js
www.blablacar.com/_next/static/chunks/
169 KB
59 KB
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/2b56d4bd-8ce43bf14d89c7e1.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
3f4d9bbf2ba433ab7f799b8bf5865c7a9ad8121e6b9937dd530b427ec9e5cd68
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 05:33:09 GMT
content-encoding
gzip
via
1.1 google
age
1621642
x-dns-prefetch-control
off
x-envoy-upstream-service-time
79
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60510
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
132-456245cf3b93e1c9.js
www.blablacar.com/_next/static/chunks/
140 KB
43 KB
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/132-456245cf3b93e1c9.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
4d934f0cdee094e9d77e5f5dee24c842004bb83e57f15ee602eccba2a38ddc74
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 08:11:38 GMT
content-encoding
gzip
via
1.1 google
age
1612133
x-dns-prefetch-control
off
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44162
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
main-app-3f7f841bd328d096.js
www.blablacar.com/_next/static/chunks/
462 B
298 B
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/main-app-3f7f841bd328d096.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
7235f7e81ff8380e8ca19c8ed205098cd2e59eb97fb078841029ddb881996432
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 04:52:58 GMT
content-encoding
gzip
via
1.1 google
age
1624053
x-dns-prefetch-control
off
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
224
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
365-3bd9be527811464c.js
www.blablacar.com/_next/static/chunks/
14 KB
6 KB
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/365-3bd9be527811464c.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
b08a134f485089d388d81bc45971b20bb494cc2a566d7fbcab7d887605897eda
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 05:33:09 GMT
content-encoding
gzip
via
1.1 google
age
1621642
x-dns-prefetch-control
off
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6094
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
page-dfa85922d8bbfd4b.js
www.blablacar.com/_next/static/chunks/app/
780 B
429 B
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/app/page-dfa85922d8bbfd4b.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
3f1d157623aec9db0a141489e0f02060d51bd6451f023b9c2a730bdeddb6a59d
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Tue, 04 Jun 2024 20:44:04 GMT
content-encoding
gzip
via
1.1 google
age
1307787
x-dns-prefetch-control
off
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
354
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
layout-0b1e9a75d4fcdbf5.js
www.blablacar.com/_next/static/chunks/app/
6 KB
2 KB
Script
General
Full URL
https://www.blablacar.com/_next/static/chunks/app/layout-0b1e9a75d4fcdbf5.js
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
559bd01a31f2586c4a978e0918ebc5bd02fc02d57144766c88baecb2c78f8eb5
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Tue, 04 Jun 2024 22:17:17 GMT
content-encoding
gzip
via
1.1 google
age
1302194
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2281
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
blablacar.3b8f7698.svg
www.blablacar.com/_next/static/media/
7 KB
3 KB
Image
General
Full URL
https://www.blablacar.com/_next/static/media/blablacar.3b8f7698.svg
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
7d39427cbd28ffab6ef921f59ae90c20d302a7c2539f6aadfd367f5cd896cdab
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Fri, 14 Jun 2024 17:40:49 GMT
content-encoding
gzip
via
1.1 google
age
454782
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2706
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
chevronRight.c2391f66.svg
www.blablacar.com/_next/static/media/
487 B
310 B
Image
General
Full URL
https://www.blablacar.com/_next/static/media/chevronRight.c2391f66.svg
Requested by
Host: www.blablacar.com
URL: https://www.blablacar.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
eecdd925c0be91e3d42eb0df18d9526f3566c27c27038620b94c630c4627a968
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors none
x-content-type-options
nosniff
date
Sat, 25 May 2024 21:14:20 GMT
content-encoding
gzip
via
1.1 google
age
2169971
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
280
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 02 May 2024 07:27:02 GMT
server
istio-envoy
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000, immutable
permissions-policy
geolocation=(), microphone=(), camera=()
accept-ranges
bytes
favicon.ico
www.blablacar.co.uk/
Redirect Chain
  • https://www.blablacar.com/favicon.ico
  • https://blablacar.co.uk/favicon.ico
  • https://www.blablacar.co.uk/favicon.ico
440 B
543 B
Other
General
Full URL
https://www.blablacar.co.uk/favicon.ico
Protocol
H2
Server
34.160.222.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.222.160.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
5ec4f5f264c9e36397442b8739bb79b83104df0b75f8e3cc5386d33ce59a7850

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 20 Jun 2024 00:00:31 GMT
via
1.1 google
last-modified
Wed, 19 Jun 2024 15:56:09 GMT
server
istio-envoy
etag
"6672ff99-1b8"
content-type
image/x-icon
x-envoy-upstream-service-time
2
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
440

Redirect headers

content-security-policy
frame-ancestors none
strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer
x-content-type-options
nosniff
via
1.1 google
server
istio-envoy
date
Thu, 20 Jun 2024 00:00:31 GMT
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
location
https://www.blablacar.co.uk/favicon.ico
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| __next_f object| webpackChunk_N_E undefined| _N_E object| next

1 Cookies

Domain/Path Name / Value
blablacar.order6611.info/ Name: PHPSESSID
Value: 6vno3t687l4gf8rlb18tfu2je3

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block