my.castandcrew.com Open in urlscan Pro
2600:9000:223e:a400:4:b29d:8b80:93a1  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Page URL
2. https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	41e755018ced84d671ba78cf5fa41a79 Show response studioplus.castandcrew.com/file/	3 KB 3 KB	638ms 577ms	Document text/html	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7683e0edb7cb76fca8450a59ad85b158f0b251726a78b061c38ecaf13a80e26e Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control public, max-age=0 content-length 2688 content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; content-type text/html; charset=UTF-8 date Sat, 09 Mar 2024 04:20:43 GMT etag W/"a80-18e1ca86208" last-modified Fri, 08 Mar 2024 06:03:01 GMT referrer-policy no-referrer strict-transport-security max-age=15552000; includeSubDomains via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-id 5lokqD7pQztCcgwA-6nvxbXv-WmFlNP6k0cPN0RyoRFoyhEhSNJD-g== x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront x-content-type-options nosniff x-dns-prefetch-control off x-download-options noopen x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	icon fonts.googleapis.com/	569 B 775 B	123ms 45ms	Stylesheet text/css	2a00:1450:4001:82b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sat, 09 Mar 2024 04:20:43 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 09 Mar 2024 04:20:43 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 09 Mar 2024 04:20:43 GMT
GET H2	200	custom-events.js Show response studioplus.castandcrew.com/js/	1 KB 1 KB	17ms 16ms	Script application/javascript	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/js/custom-events.js Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash f1116e51857d160bfdc2825a4f7ea77384a48679ebb0d51c3a5aaf973752577c Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=15552000; includeSubDomains content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; x-content-type-options nosniff date Fri, 08 Mar 2024 21:04:47 GMT content-encoding gzip via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 26156 x-dns-prefetch-control off x-cache Hit from cloudfront x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:03:01 GMT etag W/"5f6-18e1ca86208" x-download-options noopen x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 x-amz-cf-id EoJgVynnSsXsRqoTpGpXC4efZHVE5GiNZ2L21js8gO_dE9YdGPbWBQ==
GET H2	200	chunk-vendors.5eb1eba4.js Show response studioplus.castandcrew.com/	2 MB 2 MB	586ms 585ms	Script application/javascript	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 338bb53110615ccb33d5ca07026bb566b5fe5e530c7a020d7f2c1312640561ea Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Origin https://studioplus.castandcrew.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:43 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-dns-prefetch-control off x-cache Miss from cloudfront content-length 2235249 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:03:01 GMT etag W/"221b71-18e1ca86208" x-download-options noopen x-frame-options SAMEORIGIN content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 accept-ranges bytes x-amz-cf-id cF-fm3uWn-BYoU75Qrv46hZq47bGnKmoXtdn6R77W19QHDXYilZSMQ==
GET H2	200	app.5eb1eba4.js Show response studioplus.castandcrew.com/	1 MB 1 MB	716ms 716ms	Script application/javascript	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/app.5eb1eba4.js Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 1cafdfab492acf570eaf22d8fc92257280dbf74c5ea2d6de902604c49b14e77f Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Origin https://studioplus.castandcrew.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:43 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-dns-prefetch-control off x-cache Miss from cloudfront content-length 1085763 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:03:01 GMT etag W/"109143-18e1ca86208" x-download-options noopen x-frame-options SAMEORIGIN content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 accept-ranges bytes x-amz-cf-id 6iPs53lmzK5_o6qRHF7g41mKHG-bpUNvazRXuMIXg6I0jaXvcN7ptg==
GET H2	200	app.01dabd65.css studioplus.castandcrew.com/css/	281 KB 51 KB	10ms 9ms	Stylesheet text/css	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/css/app.01dabd65.css Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 1c011d68277c44df7b8dd87695f683c51be15d8eb41445ae650fc32ceffc7f1f Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=15552000; includeSubDomains content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; x-content-type-options nosniff date Fri, 08 Mar 2024 21:04:47 GMT content-encoding gzip via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 26156 x-dns-prefetch-control off x-cache Hit from cloudfront x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:02:20 GMT etag W/"464b2-18e1ca7c1e0" x-download-options noopen x-frame-options SAMEORIGIN vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 x-amz-cf-id eGfjs1dsuTSarrAD8IAuqPD3BaAf86t9cWB-unjWvxC-kddceVC3MA==
GET H2	200	Inter-Regular.8c0fe73b.ttf studioplus.castandcrew.com/fonts/	303 KB 144 KB	10ms 10ms	Font font/ttf	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/fonts/Inter-Regular.8c0fe73b.ttf Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/css/app.01dabd65.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8 Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer Origin https://studioplus.castandcrew.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=15552000; includeSubDomains content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; x-content-type-options nosniff date Fri, 08 Mar 2024 21:04:48 GMT content-encoding gzip via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 26155 x-dns-prefetch-control off x-cache Hit from cloudfront x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:02:20 GMT etag W/"4ba44-18e1ca7c1e0" x-download-options noopen x-frame-options SAMEORIGIN vary Accept-Encoding content-type font/ttf cache-control public, max-age=0 x-amz-cf-id M5IQhebylYt-gZw4mPChMPDVAH_mDs5opDedaqJdUKq8G46r6sZ_TA==
OPTIONS H/1.1	200 OK	me login.castandcrew.com/api/v1/sessions/ Frame	0 0	568ms 173ms	Preflight	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-okta-user-agent-extended Access-Control-Request-Method GET Origin https://studioplus.castandcrew.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Connection Keep-Alive Content-Length 0 Date Sat, 09 Mar 2024 04:20:45 GMT Keep-Alive timeout=5, max=100 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains accept-ch Sec-CH-UA-Platform-Version access-control-allow-credentials true access-control-allow-headers content-type,x-okta-user-agent-extended,Content-Type access-control-allow-methods DELETE, GET, OPTIONS access-control-allow-origin https://studioplus.castandcrew.com access-control-max-age 3600 allow GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH cache-control no-cache, no-store content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' expires 0 p3p CP="HONK" pragma no-cache vary Origin x-frame-options SAMEORIGIN x-okta-request-id ZevjnYxRqfZcboHITTA8ugAAAaU x-rate-limit-limit 10000 x-rate-limit-remaining 9983 x-rate-limit-reset 1709958074 x-xss-protection 0
GET H2	200	pendo.js Show response content.pendo.castandcrew.com/agent/static/10f85834-bacb-4d5f-511f-397c33f0eaab/	469 KB 153 KB	248ms 133ms	Script application/javascript	2600:9000:2644:f200:1e:cb94:adc0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.pendo.castandcrew.com/agent/static/10f85834-bacb-4d5f-511f-397c33f0eaab/pendo.js Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/app.5eb1eba4.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2644:f200:1e:cb94:adc0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software UploadServer / Resource Hash d856819b1a3cd94f4f50ccf27edd47d7dbd6edc250907b56e84895e6177546f3 Security Headers Name Value Content-Security-Policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:45 GMT content-encoding gzip via 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront) content-security-policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop FRA60-P6 x-guploader-uploadid ABPtcPoi8QbDVYZ4s3EGUHbDxyw5Kw61fSB3iszih6n-LjTADvM_K4ejbexLo8Jix060GqLQ26OYIw6h6A x-cache RefreshHit from cloudfront x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip content-length 156015 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 07 Mar 2024 19:12:09 GMT server UploadServer etag "bdccfdeb434aae8eaa433533ba953d27" vary Accept-Encoding x-goog-generation 1709838729278387 content-type application/javascript access-control-allow-origin * x-goog-hash crc32c=fvAofQ==, md5=vcz960NKro6qQzUzupU9Jw== access-control-expose-headers * cache-control max-age=450 x-goog-stored-content-length 156015 x-frame-options DENY accept-ranges bytes x-amz-cf-id 4ptz36n01cYozQ04DknD95p4c2pZDJkwcVD3OOfoLaoGRN_xmGI2iA== expires Sat, 09 Mar 2024 04:28:15 GMT
GET H/1.1	404 Not Found	me Show response login.castandcrew.com/api/v1/sessions/	168 B 3 KB	461ms 170ms	Fetch application/json	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash 92f17329dd14801037b7fc621f0d98acf2330974d9249e65592362d694b6b8b2 Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept application/json Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 X-Okta-User-Agent-Extended okta-auth-js/7.4.3 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Content-Type application/json Response headers x-okta-request-id ZevjnkMUXwR-axgS_yusOwAACTM Date Sat, 09 Mar 2024 04:20:46 GMT content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' x-rate-limit-limit 600 x-content-type-options nosniff Content-Encoding gzip x-rate-limit-remaining 599 Strict-Transport-Security max-age=315360000; includeSubDomains Transfer-Encoding chunked p3p CP="HONK" Connection Keep-Alive x-xss-protection 0 pragma no-cache Server nginx accept-ch Sec-CH-UA-Platform-Version Vary Accept-Encoding,Origin Content-Type application/json access-control-allow-origin https://studioplus.castandcrew.com x-rate-limit-reset 1709958106 access-control-allow-credentials true cache-control no-cache, no-store access-control-allow-headers Content-Type Keep-Alive timeout=5, max=100 expires 0
GET H/1.1	200 OK	authorize Show response login.castandcrew.com/oauth2/auske47mzvtRMKP3k356/v1/ Frame 10B4	2 KB 2 KB	225ms 225ms	Document text/html	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/oauth2/auske47mzvtRMKP3k356/v1/authorize?client_id=0oa88ttcujD6490qH356&nonce=duJ3M81RFSFL60Q7Zgzwux0RdUGyOirBgxYu3qpsjrMJCenYkN18QfXHTX3n3QS9&prompt=none&redirect_uri=https%3A%2F%2Fstudioplus.castandcrew.com&response_mode=okta_post_message&response_type=token&state=AYATXGYw4BRPEbx2QnrzvXyKunj1LEvfyAi01MqEM7vn5ALTWBevUfeAvBpDUIl8&scope=openid%20profile%20email Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash a57c52aa91eed3332ae4d7dbe1cd6dfd3c44be268bba6ba6ec5991b1ee8536a3 Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Type text/html;charset=utf-8 Date Sat, 09 Mar 2024 04:20:46 GMT Keep-Alive timeout=5, max=99 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains Transfer-Encoding chunked Vary Accept-Encoding X-Robots-Tag noindex,nofollow accept-ch Sec-CH-UA-Platform-Version cache-control no-cache, no-store content-language de expires 0 p3p CP="HONK" pragma no-cache referrer-policy no-referrer x-content-type-options nosniff x-okta-request-id ZevjnkMUXwR-axgS_yusPgAACTM x-rate-limit-limit 1200 x-rate-limit-remaining 1144 x-rate-limit-reset 1709958055 x-xss-protection 0
OPTIONS H/1.1	200 OK	me login.castandcrew.com/api/v1/sessions/ Frame	0 0	175ms 174ms	Preflight	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-okta-user-agent-extended Access-Control-Request-Method DELETE Origin https://studioplus.castandcrew.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Connection Keep-Alive Content-Length 0 Date Sat, 09 Mar 2024 04:20:46 GMT Keep-Alive timeout=5, max=99 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains accept-ch Sec-CH-UA-Platform-Version access-control-allow-credentials true access-control-allow-headers content-type,x-okta-user-agent-extended,Content-Type access-control-allow-methods DELETE, GET, OPTIONS access-control-allow-origin https://studioplus.castandcrew.com access-control-max-age 3600 allow GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH cache-control no-cache, no-store content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' expires 0 p3p CP="HONK" pragma no-cache vary Origin x-frame-options SAMEORIGIN x-okta-request-id ZevjnoxRqfZcboHITTA8vwAAAaU x-rate-limit-limit 10000 x-rate-limit-remaining 9982 x-rate-limit-reset 1709958074 x-xss-protection 0
DELETE H/1.1	404 Not Found	me Show response login.castandcrew.com/api/v1/sessions/	168 B 3 KB	163ms 163ms	Fetch application/json	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash cde95f195f6008712c43dcacd20d8fada0e2938855e4378d0cf9addf18cf08d1 Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept application/json Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 X-Okta-User-Agent-Extended okta-auth-js/7.4.3 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Content-Type application/json Response headers x-okta-request-id ZevjnkMUXwR-axgS_yusQQAACTM Date Sat, 09 Mar 2024 04:20:46 GMT content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' x-rate-limit-limit 600 x-content-type-options nosniff Content-Encoding gzip x-rate-limit-remaining 598 Strict-Transport-Security max-age=315360000; includeSubDomains Transfer-Encoding chunked p3p CP="HONK" Connection Keep-Alive x-xss-protection 0 pragma no-cache Server nginx accept-ch Sec-CH-UA-Platform-Version Vary Accept-Encoding,Origin Content-Type application/json access-control-allow-origin https://studioplus.castandcrew.com x-rate-limit-reset 1709958106 access-control-allow-credentials true cache-control no-cache, no-store access-control-allow-headers Content-Type Keep-Alive timeout=5, max=98 expires 0
POST H2	401	graphql Show response studioplus.castandcrew.com/api/	136 B 831 B	575ms 575ms	Fetch application/json	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/api/graphql Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 752e59799789e50a211b606e1b6ec3e2a6acc62ca432957251d2e083296991f7 Security Headers Name Value Content-Security-Policy base-uri 'self';connect-src 'self';default-src 'none';frame-ancestors 'self';img-src 'self';script-src 'self' 'sha256-OccAvIoI371rInklVGpEQqnffQ7c6OrfzIjYqlOlVVE=';style-src 'self'; Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept */* Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 content-type application/json Response headers date Sat, 09 Mar 2024 04:20:46 GMT content-security-policy base-uri 'self';connect-src 'self';default-src 'none';frame-ancestors 'self';img-src 'self';script-src 'self' 'sha256-OccAvIoI371rInklVGpEQqnffQ7c6OrfzIjYqlOlVVE=';style-src 'self'; www-authenticate validate-session error="Missing authorization header" strict-transport-security max-age=15768000 via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-cf-pop FRA56-P6 x-cache Error from cloudfront content-length 136 x-xss-protection 0 x-download-options noopen vary origin x-frame-options DENY content-type application/json; charset=utf-8 access-control-allow-origin https://studioplus.castandcrew.com access-control-expose-headers WWW-Authenticate,Server-Authorization cache-control no-cache x-amz-cf-id 5aYraFEr54UW0Rk21yG8xaNAwAni8fGNpzUEK4ttoG1MXHReEz2SQw==
GET		/ studioplus.castandcrew.com/	0 0
GET		login my.castandcrew.com/	0 0
OPTIONS H/1.1	200 OK	me login.castandcrew.com/api/v1/sessions/ Frame	0 0	173ms 173ms	Preflight	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-okta-user-agent-extended Access-Control-Request-Method DELETE Origin https://studioplus.castandcrew.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Connection Keep-Alive Content-Length 0 Date Sat, 09 Mar 2024 04:20:47 GMT Keep-Alive timeout=5, max=98 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains accept-ch Sec-CH-UA-Platform-Version access-control-allow-credentials true access-control-allow-headers content-type,x-okta-user-agent-extended,Content-Type access-control-allow-methods DELETE, GET, OPTIONS access-control-allow-origin https://studioplus.castandcrew.com access-control-max-age 3600 allow GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH cache-control no-cache, no-store content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' expires 0 p3p CP="HONK" pragma no-cache vary Origin x-frame-options SAMEORIGIN x-okta-request-id Zevjn4xRqfZcboHITTA8xAAAAaU x-rate-limit-limit 10000 x-rate-limit-remaining 9981 x-rate-limit-reset 1709958074 x-xss-protection 0
DELETE H/1.1	404 Not Found	me Show response login.castandcrew.com/api/v1/sessions/	168 B 3 KB	165ms 165ms	Fetch application/json	15.197.151.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.castandcrew.com/api/v1/sessions/me Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/chunk-vendors.5eb1eba4.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.151.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a9d4dea8e2661b2ed.awsglobalaccelerator.com Software nginx / Resource Hash 156c363feada87e009af716eccb13383a943112aeeb08fb840395e18568c8519 Security Headers Name Value Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept application/json Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 X-Okta-User-Agent-Extended okta-auth-js/7.4.3 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Content-Type application/json Response headers x-okta-request-id Zevjn0MUXwR-axgS_yusRgAACTM Date Sat, 09 Mar 2024 04:20:47 GMT content-security-policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' x-rate-limit-limit 600 x-content-type-options nosniff Content-Encoding gzip x-rate-limit-remaining 597 Strict-Transport-Security max-age=315360000; includeSubDomains Transfer-Encoding chunked p3p CP="HONK" Connection Keep-Alive x-xss-protection 0 pragma no-cache Server nginx accept-ch Sec-CH-UA-Platform-Version Vary Accept-Encoding,Origin Content-Type application/json access-control-allow-origin https://studioplus.castandcrew.com x-rate-limit-reset 1709958106 access-control-allow-credentials true cache-control no-cache, no-store access-control-allow-headers Content-Type Keep-Alive timeout=5, max=97 expires 0
GET DATA	200 OK	truncated /	569 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 17039e9f6e6a44fbc4228b0c6762f6c273a5d11d474c8da524da50b35cdfefea Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Content-Type image/png
GET H2	200	Inter-SemiBold.48eaf57b.ttf studioplus.castandcrew.com/fonts/	308 KB 154 KB	751ms 750ms	Font font/ttf	2600:9000:2490:9c00:1c:351e:ae40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://studioplus.castandcrew.com/fonts/Inter-SemiBold.48eaf57b.ttf Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/css/app.01dabd65.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:9c00:1c:351e:ae40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Security Headers Name Value Content-Security-Policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer Origin https://studioplus.castandcrew.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=15552000; includeSubDomains content-security-policy style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self'; x-content-type-options nosniff date Sat, 09 Mar 2024 04:20:47 GMT content-encoding gzip via 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-dns-prefetch-control off x-cache RefreshHit from cloudfront x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Fri, 08 Mar 2024 06:02:20 GMT etag W/"4d16c-18e1ca7c1e0" x-download-options noopen x-frame-options SAMEORIGIN vary Accept-Encoding content-type font/ttf cache-control public, max-age=0 x-amz-cf-id TapcSSJ2zg48q2Aks5aVz8rdHzKtkc7UwAjmN-35WHnmV5qOyEG8yA==
GET		/ studioplus.castandcrew.com/	0 0
GET H2	200	Primary Request login Show response my.castandcrew.com/	32 KB 12 KB	595ms 595ms	Document text/html	2600:9000:223e:a400:4:b29d:8b80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Requested by Host: studioplus.castandcrew.com URL: https://studioplus.castandcrew.com/app.5eb1eba4.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:a400:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 77641abd6a63eed021f8560e0c621d5bfb2246681b40b926586e5f725f3ba50f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; object-src 'none' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 91 cache-control no-cache, no-store, must-revalidate content-encoding gzip content-security-policy frame-ancestors 'self'; object-src 'none' content-type text/html date Sat, 09 Mar 2024 04:20:47 GMT etag W/"36009d77a7d992fb0d824a0975b30509" last-modified Thu, 07 Mar 2024 03:28:14 GMT referrer-policy same-origin server AmazonS3 strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding via 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront) x-amz-cf-id BzVGODxWKOQ0IHjFiUeOyqL4CKA821ycJnfOCiTFz330uQp1X6dBMg== x-amz-cf-pop FRA56-P4 x-amz-server-side-encryption AES256 x-amz-version-id Gmc7nn.3.F1OqzzwIf9F5zcFViY69qvO x-cache Error from cloudfront x-content-type-options nosniff x-frame-options DENY x-xss-protection 1; mode=block
GET H2	200	css2 fonts.googleapis.com/	18 KB 1 KB	45ms 44ms	Stylesheet text/css	2a00:1450:4001:82b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash dec36f15ba246cbcc1a584c1753b35ca3ff397859d849a6a7831d091959be3d7 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sat, 09 Mar 2024 04:20:47 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 09 Mar 2024 02:59:27 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 09 Mar 2024 04:20:47 GMT
GET H2	200	css2 fonts.googleapis.com/	9 KB 821 B	47ms 46ms	Stylesheet text/css	2a00:1450:4001:82b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 79d08edb5b23fcc8da45fcc77210c8e18771fcf3876dda7d2596cb3ed0512333 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sat, 09 Mar 2024 04:20:47 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 09 Mar 2024 04:20:47 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 09 Mar 2024 04:20:47 GMT
GET H2	200	main.52185e49.js my.castandcrew.com/static/js/	644 KB 0	714ms 714ms	Script text/javascript	2600:9000:223e:a400:4:b29d:8b80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://my.castandcrew.com/static/js/main.52185e49.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:a400:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; object-src 'none' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:49 GMT x-amz-version-id skrDEsdS3J3OVFsxdHAEOCjD3NbATjG2 content-encoding br content-security-policy frame-ancestors 'self'; object-src 'none' via 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront) x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P4 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront x-xss-protection 1; mode=block referrer-policy same-origin last-modified Thu, 07 Mar 2024 03:28:08 GMT server AmazonS3 etag W/"f2666ad97e77702cd69ac2ac01273e71" vary Accept-Encoding x-frame-options DENY content-type text/javascript cache-control no-cache, no-store, must-revalidate x-amz-cf-id GpGxopnta6poTCYVMh05Vxh2i0onp8o2chSWaz8N8r0O1BQH_u3mJg==
GET H2	200	main.7acefb32.css my.castandcrew.com/static/css/	174 B 811 B	614ms 614ms	Stylesheet text/css	2600:9000:223e:a400:4:b29d:8b80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://my.castandcrew.com/static/css/main.7acefb32.css Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:a400:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4f80bf5a7d9289d4c1fa5f3e0ebc2d8519ef840f03544cc0429370d454b54e7b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; object-src 'none' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers x-amz-version-id NyqM3sN0mO.HYNgLcOkGlccE32.d3F9b date Sat, 09 Mar 2024 04:20:49 GMT via 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront) content-security-policy frame-ancestors 'self'; object-src 'none' x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P4 x-amz-server-side-encryption AES256 x-cache RefreshHit from cloudfront content-length 174 x-xss-protection 1; mode=block referrer-policy same-origin last-modified Thu, 07 Mar 2024 03:28:11 GMT server AmazonS3 etag "266721168997d576d0af6f941eb7d2c5" vary Accept-Encoding x-frame-options DENY content-type text/css cache-control no-cache, no-store, must-revalidate accept-ranges bytes x-amz-cf-id EmjEB9paloH8rFaC6aZl5FQ5gKut_bEE_8C2y7QVEVxQieE656nFdQ==
GET H2	200	link-initialize.js Show response cdn.plaid.com/link/v2/stable/	147 KB 41 KB	60ms 30ms	Script text/javascript	13.33.187.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.plaid.com/link/v2/stable/link-initialize.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.187.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-187-112.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 5741070c37508c4455f704f7f190f8dec4773f62d91e6b83a9907f04381b2d88 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers x-amz-version-id UKXAub3lZBZME5VoY9hzM62OKsjngz6U content-encoding br via 1.1 af1c2193a818b5824fd85ddd651620a8.cloudfront.net (CloudFront) date Sat, 09 Mar 2024 01:46:55 GMT x-amz-request-id 66PCPJQW03EHQ1GM x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 age 9233 x-cache Hit from cloudfront x-amz-replication-status COMPLETED x-amz-id-2 BQR36OA6NLyK8ilEIsDNoRBcP0mSUDOS8Pfm2/Avs/vAhmIKREjGd6kcfmVm8G2vljxT/fad9gzT0Ce9O2LSug== last-modified Fri, 08 Mar 2024 16:30:48 GMT server AmazonS3 etag W/"2667f0b537c405c80048804a82a6f567" vary Accept-Encoding content-type text/javascript cache-control no-cache,must-revalidate,max-age=0 x-amz-cf-id 9T1b6LQ-39J8OLk1XvHzcSNLApEx0P5hdNbA39-bb5uczy-dWj6yVg==
GET H/1.1	200 OK	esw.min.js Show response service.force.com/embeddedservice/5.0/	30 KB 9 KB	86ms 19ms	Script application/x-javascript	161.71.11.44 SALESFORCE
General Check archive.org Show headers Download Go to Full URL https://service.force.com/embeddedservice/5.0/esw.min.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 161.71.11.44 London, United Kingdom, ASN14340 (SALESFORCE, US), Reverse DNS dcl7-ncg0-lhr4.um2-lo3.force.com Software / Resource Hash ef4dcc4dab4d780f44939c455d4720cab662b2f5fabc36ebc33a21f4cdbecd4e Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Date Fri, 08 Mar 2024 11:45:03 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Referrer-Policy origin-when-cross-origin Last-Modified Tue, 04 Jul 2023 00:26:54 GMT Content-Encoding gzip Age 59744 Vary Accept-Encoding Content-Type application/x-javascript Cache-Control public,max-age=86400 Accept-Ranges bytes X-Robots-Tag none Content-Length 8455 Expires Sat, 09 Mar 2024 11:45:03 GMT
GET H2	200	5eaa57bc d21y75miwcfqoq.cloudfront.net/	68 B 478 B	624ms 600ms	Image image/png	2600:9000:235a:fc00:1b:ef38:3680:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d21y75miwcfqoq.cloudfront.net/5eaa57bc Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:fc00:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058 Request headers accept-language de-DE,de;q=0.9 Referer https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:49 GMT x-amz-version-id tL_CTIHiQw3ribGLlhA7UngCyS3xe0wz via 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront) last-modified Mon, 29 Jan 2024 18:06:57 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 etag "91e42db1c66c0b276abf6234dc50b2eb" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control no-cache, no-store accept-ranges bytes content-length 68 x-amz-cf-id kRvE62oUuo9zA4xZcN39la8INEMfscO4wly-9u8MdcTglAtpZTv_Ng==
GET H2	200	pendo.js Show response content.pendo.castandcrew.com/agent/static/1e3667f1-3a8a-4706-53f7-380405fcc2ad/	469 KB 153 KB	114ms 114ms	Script application/javascript	2600:9000:2644:f200:1e:cb94:adc0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.pendo.castandcrew.com/agent/static/1e3667f1-3a8a-4706-53f7-380405fcc2ad/pendo.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2644:f200:1e:cb94:adc0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software UploadServer / Resource Hash a749bfeac012f646d2fff2e44120cd1af549ad18f4086b7e6495c752c88680bb Security Headers Name Value Content-Security-Policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:47 GMT content-encoding gzip via 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront) content-security-policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop FRA60-P6 x-guploader-uploadid ABPtcPpKQH7wQyEOp1s7Zc0dq5yxnoJYvUkts9VgT2pwBwENWvh0xW3It_Abwki5ruxGm3okcjsUBU061Q x-cache RefreshHit from cloudfront x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip content-length 156016 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 07 Mar 2024 19:12:09 GMT server UploadServer etag "75309a5a9e2d168eea4f08ad2f36bd23" vary Accept-Encoding x-goog-generation 1709838729176420 content-type application/javascript access-control-allow-origin * x-goog-hash crc32c=DeGgXA==, md5=dTCaWp4tFo7qTwitLza9Iw== access-control-expose-headers * cache-control max-age=450 x-goog-stored-content-length 156016 x-frame-options DENY accept-ranges bytes x-amz-cf-id nfkI0BF9WdZOj5DyFAXHKOHAOduruNzQBMr_d22RRe0OZ_Krn-nvMg== expires Sat, 09 Mar 2024 04:28:17 GMT
GET H/1.1	200 OK	common.min.js Show response service.force.com/embeddedservice/5.0/utils/	5 KB 2 KB	19ms 19ms	Script application/x-javascript	161.71.11.44 SALESFORCE
General Check archive.org Show headers Download Go to Full URL https://service.force.com/embeddedservice/5.0/utils/common.min.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 161.71.11.44 London, United Kingdom, ASN14340 (SALESFORCE, US), Reverse DNS dcl7-ncg0-lhr4.um2-lo3.force.com Software / Resource Hash 7c273510050e27ad1e0a533b0a766c6c597575710d578a104e60d4810e173648 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Date Fri, 08 Mar 2024 20:10:57 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Referrer-Policy origin-when-cross-origin Last-Modified Thu, 17 Feb 2022 23:57:30 GMT Content-Encoding gzip Age 29391 Vary Accept-Encoding Content-Type application/x-javascript Cache-Control public,max-age=86400 Accept-Ranges bytes X-Robots-Tag none Content-Length 1918 Expires Sat, 09 Mar 2024 20:10:57 GMT
GET H2	200	5eaa57bc d21y75miwcfqoq.cloudfront.net/	68 B 478 B	160ms 160ms	Image image/png	2600:9000:235a:fc00:1b:ef38:3680:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d21y75miwcfqoq.cloudfront.net/5eaa57bc Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:fc00:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058 Request headers accept-language de-DE,de;q=0.9 Referer https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Sat, 09 Mar 2024 04:20:49 GMT x-amz-version-id tL_CTIHiQw3ribGLlhA7UngCyS3xe0wz via 1.1 de142d0ad142b3c0e86791d0b145349a.cloudfront.net (CloudFront) last-modified Mon, 29 Jan 2024 18:06:57 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 etag "91e42db1c66c0b276abf6234dc50b2eb" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control no-cache, no-store accept-ranges bytes content-length 68 x-amz-cf-id 3OcZHDR4o9KGoNVggnFtmhsv6snl-jQTkPbj-_jjgSXRTiTaY_Za9Q==
GET H/1.1	200 OK	esw.min.css service.force.com/embeddedservice/5.0/	9 KB 4 KB	20ms 19ms	Stylesheet text/css	161.71.11.44 SALESFORCE
General Check archive.org Show headers Download Go to Full URL https://service.force.com/embeddedservice/5.0/esw.min.css Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 161.71.11.44 London, United Kingdom, ASN14340 (SALESFORCE, US), Reverse DNS dcl7-ncg0-lhr4.um2-lo3.force.com Software / Resource Hash 721f2d2fe18f13edc2ae51c1918c1b0a2d7b668318c559310ab35fa22363fdad Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Date Fri, 08 Mar 2024 22:03:51 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Referrer-Policy origin-when-cross-origin Last-Modified Fri, 27 Aug 2021 14:11:56 GMT Content-Encoding gzip Age 22617 Vary Accept-Encoding Content-Type text/css Cache-Control public,max-age=86400 Accept-Ranges bytes X-Robots-Tag none Content-Length 4027 Expires Sat, 09 Mar 2024 22:03:51 GMT
GET H/1.1	200 OK	liveagent.esw.min.js Show response service.force.com/embeddedservice/5.0/client/	20 KB 6 KB	40ms 19ms	Script application/x-javascript	161.71.11.44 SALESFORCE
General Check archive.org Show headers Download Go to Full URL https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js Requested by Host: my.castandcrew.com URL: https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 161.71.11.44 London, United Kingdom, ASN14340 (SALESFORCE, US), Reverse DNS dcl7-ncg0-lhr4.um2-lo3.force.com Software / Resource Hash 1df96aff7c1a0b4a1f03d51ec741df8d542fcf32eddee1a0295068e4a7f0017b Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Date Fri, 08 Mar 2024 22:03:51 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Referrer-Policy origin-when-cross-origin Last-Modified Wed, 17 Aug 2022 20:11:18 GMT Content-Encoding gzip Age 22617 Vary Accept-Encoding Content-Type application/x-javascript Cache-Control public,max-age=86400 Accept-Ranges bytes X-Robots-Tag none Content-Length 5913 Expires Sat, 09 Mar 2024 22:03:51 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

studioplus.castandcrew.com

URL

https://studioplus.castandcrew.com/

Domain

my.castandcrew.com

URL

https://my.castandcrew.com/login?fromURI=https://studioplus.castandcrew.com/file/41e755018ced84d671ba78cf5fa41a79

Domain

studioplus.castandcrew.com

URL

https://studioplus.castandcrew.com/

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| NREUM object| newrelic function| __nr_require object| pendo object| Plaid object| webpackJsonpPlaid object| embedded_svc function| initESW undefined| s function| closeChatbot

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.castandcrew.com/	1969-12-31 23:59:59	Name: t Value: default
			login.castandcrew.com/	1970-01-21 04:35:18	Name: DT Value: DI1qPY0oes8Sd2qKCqIbk8x2A
			login.castandcrew.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: C5D5BD8AE90177F1447705CEF7BA7FEA

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.castandcrew.com/api/v1/sessions/me Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://login.castandcrew.com/api/v1/sessions/me Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://studioplus.castandcrew.com/api/graphql Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://login.castandcrew.com/api/v1/sessions/me Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' *.pendo.castandcrew.com fonts.googleapis.com amp.azure.net *.cloudfront.net; frame-ancestors 'self';
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.plaid.com
content.pendo.castandcrew.com
d21y75miwcfqoq.cloudfront.net
fonts.googleapis.com
login.castandcrew.com
my.castandcrew.com
service.force.com
studioplus.castandcrew.com
my.castandcrew.com
studioplus.castandcrew.com
13.33.187.112
15.197.151.86
161.71.11.44
2600:9000:223e:a400:4:b29d:8b80:93a1
2600:9000:235a:fc00:1b:ef38:3680:21
2600:9000:2490:9c00:1c:351e:ae40:93a1
2600:9000:2644:f200:1e:cb94:adc0:93a1
2a00:1450:4001:82b::200a
156c363feada87e009af716eccb13383a943112aeeb08fb840395e18568c8519
17039e9f6e6a44fbc4228b0c6762f6c273a5d11d474c8da524da50b35cdfefea
1c011d68277c44df7b8dd87695f683c51be15d8eb41445ae650fc32ceffc7f1f
1cafdfab492acf570eaf22d8fc92257280dbf74c5ea2d6de902604c49b14e77f
1df96aff7c1a0b4a1f03d51ec741df8d542fcf32eddee1a0295068e4a7f0017b
338bb53110615ccb33d5ca07026bb566b5fe5e530c7a020d7f2c1312640561ea
41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8
452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651
4f80bf5a7d9289d4c1fa5f3e0ebc2d8519ef840f03544cc0429370d454b54e7b
5741070c37508c4455f704f7f190f8dec4773f62d91e6b83a9907f04381b2d88
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
721f2d2fe18f13edc2ae51c1918c1b0a2d7b668318c559310ab35fa22363fdad
752e59799789e50a211b606e1b6ec3e2a6acc62ca432957251d2e083296991f7
7683e0edb7cb76fca8450a59ad85b158f0b251726a78b061c38ecaf13a80e26e
77641abd6a63eed021f8560e0c621d5bfb2246681b40b926586e5f725f3ba50f
79d08edb5b23fcc8da45fcc77210c8e18771fcf3876dda7d2596cb3ed0512333
7c273510050e27ad1e0a533b0a766c6c597575710d578a104e60d4810e173648
92f17329dd14801037b7fc621f0d98acf2330974d9249e65592362d694b6b8b2
a57c52aa91eed3332ae4d7dbe1cd6dfd3c44be268bba6ba6ec5991b1ee8536a3
a749bfeac012f646d2fff2e44120cd1af549ad18f4086b7e6495c752c88680bb
cde95f195f6008712c43dcacd20d8fada0e2938855e4378d0cf9addf18cf08d1
d856819b1a3cd94f4f50ccf27edd47d7dbd6edc250907b56e84895e6177546f3
dec36f15ba246cbcc1a584c1753b35ca3ff397859d849a6a7831d091959be3d7
ef4dcc4dab4d780f44939c455d4720cab662b2f5fabc36ebc33a21f4cdbecd4e
f1116e51857d160bfdc2825a4f7ea77384a48679ebb0d51c3a5aaf973752577c