urlscan.io logo urlscan.io
SecurityTrails logo

app.roh.co Open in urlscan Pro
54.237.133.81  Public Scan

Go To Rescan Add Verdict Report
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Submission: On May 28 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 7 domains to perform 37 HTTP transactions. The main IP is 54.237.133.81, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.roh.co.
TLS certificate: Issued by R3 on May 25th 2024. Valid for: 3 months.
This is the only time app.roh.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 54.237.133.81 14618 (AMAZON-AES)
15 2600:9000:20a... 16509 (AMAZON-02)
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 151.101.192.176 54113 (FASTLY)
2 3.5.29.191 14618 (AMAZON-AES)
1 104.17.25.14 13335 (CLOUDFLAR...)
2 23.23.143.2 14618 (AMAZON-AES)
1 18.66.192.68 16509 (AMAZON-02)
2 18.173.154.44 16509 (AMAZON-02)
3 18.66.192.51 16509 (AMAZON-02)
37 12
6    54.237.133.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-133-81.compute-1.amazonaws.com
app.roh.co
15    2600:9000:20ae:a800:0:8cd5:a000:93a1 (United States)

ASN16509 (AMAZON-02, US)
app-assets.roh.co
5    2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
1    151.101.192.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
2    3.5.29.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3-1-w.amazonaws.com
caratsandcake-payments-production.s3.amazonaws.com
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    23.23.143.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-143-2.compute-1.amazonaws.com
vgs-collect-keeper.apps.verygood.systems
1    18.66.192.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-68.muc50.r.cloudfront.net
js.verygoodvault.com
2    18.173.154.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-44.muc50.r.cloudfront.net
js.stripe.com
3    18.66.192.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-51.muc50.r.cloudfront.net
js.verygoodvault.com
Apex Domain
Subdomains		 Transfer
21 roh.co
app.roh.co
app-assets.roh.co
767 KB
6 typekit.net
use.typekit.net — Cisco Umbrella Rank: 448
p.typekit.net — Cisco Umbrella Rank: 565
120 KB
4 verygoodvault.com
js.verygoodvault.com — Cisco Umbrella Rank: 31700
41 KB
3 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1088
167 KB
2 verygood.systems
vgs-collect-keeper.apps.verygood.systems — Cisco Umbrella Rank: 66347
205 B
2 amazonaws.com
caratsandcake-payments-production.s3.amazonaws.com
219 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
1 KB
37 7
Domain Requested by
15 app-assets.roh.co app.roh.co
6 app.roh.co 2 redirects app.roh.co
app-assets.roh.co
5 use.typekit.net app.roh.co
use.typekit.net
4 js.verygoodvault.com app-assets.roh.co
js.verygoodvault.com
3 js.stripe.com app-assets.roh.co
js.stripe.com
2 vgs-collect-keeper.apps.verygood.systems app-assets.roh.co
2 caratsandcake-payments-production.s3.amazonaws.com app.roh.co
1 cdnjs.cloudflare.com app.roh.co
1 p.typekit.net use.typekit.net
37 9

This site contains no links.

Subject Issuer Validity Valid
app.roh.co
R3		 2024-05-25 -
2024-08-23		 3 months crt.sh
app-assets.roh.co
Amazon RSA 2048 M02		 2024-03-11 -
2025-04-10		 a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-01 -
2025-03-03		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-05-22 -
2024-08-22		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.apps.verygood.systems
Amazon RSA 2048 M03		 2024-05-23 -
2025-06-20		 a year crt.sh
*.verygoodvault.com
Amazon RSA 2048 M02		 2023-12-19 -
2025-01-16		 a year crt.sh

This page contains 6 frames:

Primary Page: https://app.roh.co/card_on_file_requests/0TbZbye
Frame ID: CB1AD9F63DDB5187E80968F33EC3CE53
Requests: 34 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-d8116917e538365624b3d01df72b4701.html
Frame ID: 9ED8907A2F55DF69822AEC2C55C38E12
Requests: 1 HTTP requests in this frame

Frame: https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Frame ID: 9D049B282A5E204064C84AB016E28067
Requests: 1 HTTP requests in this frame

Frame: https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Frame ID: 9E2BB7AA450F53DD7B798BB3DBFA4FFB
Requests: 1 HTTP requests in this frame

Frame: https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Frame ID: 917BE5EA8764FB1CFAC24BD0780B0804
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: F102BB9BC53A448EFC3038187402453C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ROH

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

37
Requests

95 %
HTTPS

27 %
IPv6

7
Domains

9
Subdomains

12
IPs

3
Countries

1312 kB
Transfer

4395 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://app.roh.co/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBanNLIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ce01980bebaee780b713293343541a3201e63f2d/marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png HTTP 302
  • https://caratsandcake-payments-production.s3.amazonaws.com/e9pts97g812j2xj9ljjwoomw38w8?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=2d54f780b8adbe6e0cb5a5d4e2586b22f26342cb24ff59c3cc8d75dd30566d17
Request Chain 21
  • https://app.roh.co/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaU1LIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--2ac4bbd66470e1e39d750a05138562b57f853aae/marriott-dallas-allen-hotel-and-convention-center-05.jpg HTTP 302
  • https://caratsandcake-payments-production.s3.amazonaws.com/ps61bquohlbhjgegfzpog9p65evv?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-05.jpg%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-05.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=25fe23d72cb1a17031d628fc9110f25a7b2a6400e1161a3718d17ed7bb67a671

37 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 0TbZbye
app.roh.co/card_on_file_requests/ 		11 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
489606e709663a8f941c753f0c8660d1441051abbf88360f185035603672feef
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Tue, 28 May 2024 16:14:12 GMT
Etag
W/"489606e709663a8f941c753f0c8660d1"
Link
<https://app-assets.roh.co/vite/assets/index-Dz7F3GJD.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush,<https://app-assets.roh.co/vite/assets/index-DzevUeA2.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/application-Db11ZDI2.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/core-BxvI8ZZI.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/filepond-plugin-file-validate-type-L8tNzf_B.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/ClientFacingCard-Bp_pLI66.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/card_heading-1KANJ37f.css>; rel=preload; as=style; nopush,<https://app-assets.roh.co/vite/assets/ErrorAlert-BVevRzbu.css>; rel=preload; as=style; nopush
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Referrer-Policy
strict-origin-when-cross-origin
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912852&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=WDX73Whdc9W8Wc2ukbpFu6hZjkhGapmJlopQyiEH9kc%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912852&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=WDX73Whdc9W8Wc2ukbpFu6hZjkhGapmJlopQyiEH9kc%3D
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
d84c8af7-d42b-4537-9e7d-b939a606e89f
X-Runtime
0.104507
X-Xss-Protection
0
index-Dz7F3GJD.js
app-assets.roh.co/vite/assets/ 		705 KB
166 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/index-Dz7F3GJD.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
762ced306cda8041c096b8d1336eec7e3b61992fd861844d2232f197acb0496f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
GktTUENHAawPzOQb2nKgbFggbDDilWrXQYn2Fg4kEZRErhLz3uAEdw==
index-DzevUeA2.css
app-assets.roh.co/vite/assets/ 		335 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/index-DzevUeA2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
69686b09bf234c13b63bc8249bc561644d2cbbbd8080f1d9ec4c2acb7dd5ee63
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
ffRkcFkW3ONru5tFYISBtM_8-BjiLHUQnIZQz8irQqV9eYsqS5C-9g==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
application-Db11ZDI2.css
app-assets.roh.co/vite/assets/ 		287 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/application-Db11ZDI2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
ee8ee0629c5a76c133120e342252f5fefebdaf3a842e0c5bce1f798cac4f0c62
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
o6Yp4paEEviqhfJr8v-nN01P2hwVpqQbF1RPQ3Lz1KgVmO7dCarjDw==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
core-BxvI8ZZI.css
app-assets.roh.co/vite/assets/ 		621 KB
62 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/core-BxvI8ZZI.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
cb5c3e3dc5d4ebfcb2b944c621877d36fc6dbe2855b2bc8a1509749319e47b7a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
4w1kWL9uXu7TIi1vFFXmM2O5DIpTbb6PwVTr_zxOvBti8VKLyF7ZIQ==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
filepond-plugin-file-validate-type-L8tNzf_B.css
app-assets.roh.co/vite/assets/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/filepond-plugin-file-validate-type-L8tNzf_B.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b5a190c639e402522c94909c06dcacad42164e0194a647eee20efb6f24dcc69f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
-n-VJ7iXl--TFnIpvb9rEkI7wAqvcD0nF_lNzU1ZlhwS7_Dpo86vMw==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
ClientFacingCard-Bp_pLI66.css
app-assets.roh.co/vite/assets/ 		56 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/ClientFacingCard-Bp_pLI66.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2efd28cb67059241c47b80982dcdabd9cc6a80b35da76fa7b30992e19ddcf422
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
EtcSV3LQHYzwRJNo_EwwBzzdDRhN2HNHxm7yW3r-wzHj8VkBkUzzJg==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
card_heading-1KANJ37f.css
app-assets.roh.co/vite/assets/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/card_heading-1KANJ37f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
29443167208f8300e82d1ab114c9228fed0f8edf048aa9afd0d652faa8cfead6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
rxux-qSCnP8g5GW1MAGWW2yc2DpFlSHptKAOA5GNsyvfevhTamRaTQ==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
ErrorAlert-BVevRzbu.css
app-assets.roh.co/vite/assets/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/ErrorAlert-BVevRzbu.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
3d6dc145f3d3178bc3c2a6e6fea64d20e6cb83f466ea823d42532cf91c70031f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
server
Cowboy
last-modified
Thu, 23 May 2024 19:53:04 GMT
x-amz-cf-pop
MUC50-P5
age
1879
content-encoding
br
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D"}]}
content-type
text/css
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
x-amz-cf-id
arVt2epGpWjTYfJdhmrwPygp3UNoCBu7gBuyFDL13804wSILrV7DRg==
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910973&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=SnaViG1V%2FTctdzBzU8fFpgDcRcIv2L8W0YcK1cUXwvM%3D
bootstrap-icons.min.css
app.roh.co/fonts/ 		80 KB
81 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.roh.co/fonts/bootstrap-icons.min.css
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
062719b100219061c8a11fff201d9a98f3794ab45bddf1c1f2d16c9ea440c279
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/card_on_file_requests/0TbZbye
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 28 May 2024 16:14:12 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Thu, 23 May 2024 19:49:58 GMT
Vary
Origin
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912852&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=WDX73Whdc9W8Wc2ukbpFu6hZjkhGapmJlopQyiEH9kc%3D"}]}
Content-Type
text/css
Connection
keep-alive
Content-Length
81936
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912852&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=WDX73Whdc9W8Wc2ukbpFu6hZjkhGapmJlopQyiEH9kc%3D
ejj7pyc.css
use.typekit.net/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/ejj7pyc.css
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
cad8ce6c71a359164d6529f5537f5d183a289634c6e0b249cf6dc91f75b6e9cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Tue, 28 May 2024 16:14:12 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
967
core-DGNXH4Cr.js
app-assets.roh.co/vite/assets/ 		486 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/core-DGNXH4Cr.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
a8b5d7ed79544663a6bf99c36ba958369c68c5f8889c0f48fee8a9bf56725dc6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1877
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910975&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=%2BnzwaVJhGFb4IIMXI4hu%2Ffagm1bGl0jeV0vC9Udmn80%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910975&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=%2BnzwaVJhGFb4IIMXI4hu%2Ffagm1bGl0jeV0vC9Udmn80%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
S1K4V62n69x_Y3qzO7Zj5XrgDEScwrC_5b-FrGRfSXf0ZwJCAuPgmA==
filepond-plugin-file-validate-type.esm-CygtzXp9.js
app-assets.roh.co/vite/assets/ 		297 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/filepond-plugin-file-validate-type.esm-CygtzXp9.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
241dc6e1a4c6caae0aa3e27e8dc0547247982d28965fd05ec2d719cedf923d5d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910975&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=%2BnzwaVJhGFb4IIMXI4hu%2Ffagm1bGl0jeV0vC9Udmn80%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910975&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=%2BnzwaVJhGFb4IIMXI4hu%2Ffagm1bGl0jeV0vC9Udmn80%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
-djRvTznUGkCKz8QTMm7iz2koZLWAuk9zTYEALwgYK1FeFUgnrbNQw==
ClientFacingCard-06OlmINd.js
app-assets.roh.co/vite/assets/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/ClientFacingCard-06OlmINd.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
3cb8e147b2985077a5ec4d97f07443e72721f23c8ecf542ce987e8e83a22951f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
5oy_Ud-QAdfS5NmLQYzv0zlhYzRNihhdAa3Acak2Ebo7nej2tx-TCw==
card_heading-DBT0RxFX.js
app-assets.roh.co/vite/assets/ 		324 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/card_heading-DBT0RxFX.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
fbd3eb7ea415899742a91ac81602b09e437b0e9fb98f03e0c93ffca02f4b502b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
SbfcrFfc50htNzLyxWN-su4FilgEzKnLTLBA8dEkl55zmcz0DRTm8g==
Card-J1aymrD3.js
app-assets.roh.co/vite/assets/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/Card-J1aymrD3.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
6ad74417beb778d1b32d1afcb95f6612266dc866f550a850d178a1592fa0d4c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
yp4lDx6tKoMYwkdX1RZnaXsM7_ZOnLEx517t_zaZqbPK5tC-lFCZOA==
ErrorAlert-DUlT74Kj.js
app-assets.roh.co/vite/assets/ 		83 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/ErrorAlert-DUlT74Kj.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
824b5499f47b62bdd4f92c7d2c2846f2f22952e23d075a2e16a34b4f5f9ea70b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
content-encoding
br
x-cache
Hit from cloudfront
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Accept-Encoding, Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
ZdLokOjzE_-pFiqqeabrTeCFW75ypzQJqzjuHN-lyKYecaqFEkOqpA==
__vite-browser-external-D7Ct-6yo.js
app-assets.roh.co/vite/assets/ 		191 B
975 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app-assets.roh.co/vite/assets/__vite-browser-external-D7Ct-6yo.js
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:a800:0:8cd5:a000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
80b82acfeb87bf2cb6a47b0aa48e078951b8a2616fe5059cec7bc46dd650621d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 15:42:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 vegur, 1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-amz-cf-pop
MUC50-P5
age
1876
x-cache
Hit from cloudfront
content-length
191
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D
last-modified
Thu, 23 May 2024 19:53:04 GMT
server
Cowboy
vary
Origin
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716910976&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=goFZQ0WQKhfLTcjQLlqoV5UvfSprgFt5Ayf%2FRIRNQdE%3D"}]}
content-type
application/javascript
access-control-allow-origin
https://app.roh.co
x-amz-cf-id
pktalW3i2sWl-PBU9S14ZIl1vYrRd9_fupjUNedrsYJ_nYp4MM-lsw==
p.css
p.typekit.net/ 		5 B
172 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=ejj7pyc&ht=tk&f=139.173.175.25136.39437.39433.39434.39435.39436&a=994119&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ejj7pyc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:12 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
v3
js.stripe.com/ 		604 KB
167 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: app-assets.roh.co
URL: https://app-assets.roh.co/vite/assets/index-Dz7F3GJD.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
a94e7220fbe1d9eb34b78c73ea3bf0f57cf4cbbdfef62e416ac8d312807d882d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 28 May 2024 16:14:13 GMT
via
1.1 varnish
age
14
x-cache
HIT
content-length
170412
x-request-id
44a40e58-8596-4a94-a605-127f5835842d
x-served-by
cache-fra-etou8220158-FRA
last-modified
Sat, 25 May 2024 00:18:02 GMT
server
Fastly
etag
"e1fa3076f35dbe23a9d5b04e8922e0d7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
e9pts97g812j2xj9ljjwoomw38w8
caratsandcake-payments-production.s3.amazonaws.com/
Redirect Chain
  • https://app.roh.co/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBanNLIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ce01980bebaee780b713293343541a3201e63f2d/marriott-dallas-all...
  • https://caratsandcake-payments-production.s3.amazonaws.com/e9pts97g812j2xj9ljjwoomw38w8?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-logo...
33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://caratsandcake-payments-production.s3.amazonaws.com/e9pts97g812j2xj9ljjwoomw38w8?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=2d54f780b8adbe6e0cb5a5d4e2586b22f26342cb24ff59c3cc8d75dd30566d17
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
HTTP/1.1
Server
3.5.29.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cdf654bf3c9c2d182fcacaf3a266f1f5911e2533840d83fb9dd20200d8f8f998

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Tue, 28 May 2024 16:14:14 GMT
Last-Modified
Wed, 25 Jan 2023 19:12:42 GMT
Server
AmazonS3
x-amz-request-id
4RJKYX7M4ZD4A8Q2
ETag
"b712984f39a977532ed4ecf9df3b024d"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png"; filename*=UTF-8''marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png
Accept-Ranges
bytes
Content-Length
33588
x-amz-id-2
9/q/x8/O9hqMcRTN/ZbChblYg/7EdF0ZhNeGsEagI4GNZTOo/YhtIavksjd8pHWK2T/jVfzd7heIAt5SHwBAkcf0Dq+WuD6KUuQfP07fY9k=

Redirect headers

Date
Tue, 28 May 2024 16:14:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Permitted-Cross-Domain-Policies
none
Via
1.1 vegur
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D
X-Request-Id
30b4a944-0b90-4e58-bdab-d6533efa3b17
X-Runtime
0.011505
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D"}]}
Content-Type
text/html; charset=utf-8
Location
https://caratsandcake-payments-production.s3.amazonaws.com/e9pts97g812j2xj9ljjwoomw38w8?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-logo-235742-1674148367.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=2d54f780b8adbe6e0cb5a5d4e2586b22f26342cb24ff59c3cc8d75dd30566d17
Cache-Control
max-age=300, private
truncated
/ 		868 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
61af8e55e26fb4821bfdb36aa2ac27dda0b5db20d0762a6d5953de0d9de14e9e

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
ps61bquohlbhjgegfzpog9p65evv
caratsandcake-payments-production.s3.amazonaws.com/
Redirect Chain
  • https://app.roh.co/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaU1LIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--2ac4bbd66470e1e39d750a05138562b57f853aae/marriott-dallas-all...
  • https://caratsandcake-payments-production.s3.amazonaws.com/ps61bquohlbhjgegfzpog9p65evv?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-05.j...
185 KB
185 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://caratsandcake-payments-production.s3.amazonaws.com/ps61bquohlbhjgegfzpog9p65evv?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-05.jpg%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-05.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=25fe23d72cb1a17031d628fc9110f25a7b2a6400e1161a3718d17ed7bb67a671
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
HTTP/1.1
Server
3.5.29.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
c6d1c9497029201f14b51c6c836a8252733bd9a6e5e16f6f3ef088d585ec45da

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Tue, 28 May 2024 16:14:14 GMT
Last-Modified
Wed, 25 Jan 2023 18:07:22 GMT
Server
AmazonS3
x-amz-request-id
4RJZXAWFN6D78018
ETag
"77d3d2b000a73ba98c092a0500f2d7ba"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="marriott-dallas-allen-hotel-and-convention-center-05.jpg"; filename*=UTF-8''marriott-dallas-allen-hotel-and-convention-center-05.jpg
Accept-Ranges
bytes
Content-Length
189337
x-amz-id-2
9pgPqLqjiQbsvXTb2Z1p/qr4srzBsSonUAK04gRA59mcJ0NoxW9AAqjYobmhLS6QW+GOFmbeqPanAfF6CaI79AJeB7LtuHi7UQA14x57+xM=

Redirect headers

Date
Tue, 28 May 2024 16:14:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Permitted-Cross-Domain-Policies
none
Via
1.1 vegur
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D
X-Request-Id
8ace5d87-48df-4a49-9855-a19b43159f72
X-Runtime
0.010612
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D"}]}
Content-Type
text/html; charset=utf-8
Location
https://caratsandcake-payments-production.s3.amazonaws.com/ps61bquohlbhjgegfzpog9p65evv?response-content-disposition=inline%3B%20filename%3D%22marriott-dallas-allen-hotel-and-convention-center-05.jpg%22%3B%20filename%2A%3DUTF-8%27%27marriott-dallas-allen-hotel-and-convention-center-05.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DPMNVZNLASBPG75%2F20240528%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240528T161413Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=25fe23d72cb1a17031d628fc9110f25a7b2a6400e1161a3718d17ed7bb67a671
Cache-Control
max-age=300, private
truncated
/ 		183 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
l
use.typekit.net/af/23e139/00000000000000007735e605/30/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/23e139/00000000000000007735e605/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ejj7pyc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
38e9ade7cb9f7a31a4525f2a70c4bdd2529340926202641bbbda8d655df8c0c3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/ejj7pyc.css
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:13 GMT
server
nginx
etag
"a21f48c40e7bf9dfada3e63deed3f84d0cf8b79b"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
30440
l
use.typekit.net/af/2555e1/00000000000000007735e603/30/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ejj7pyc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a33128c94dd3c425bc3f4a9ba389a1f3d7a75233e8cb788ea80f8f43a3d68423

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/ejj7pyc.css
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:13 GMT
server
nginx
etag
"09d1a94c81035c62708e0a513ee76d7886d15a25"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
30704
l
use.typekit.net/af/efe4a5/00000000000000007735e609/30/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ejj7pyc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
c4d04d2b6a041dde11c80d8332f983a58c1031c663ab4f42230899cb82adf4a7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/ejj7pyc.css
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:13 GMT
server
nginx
etag
"6aeae62b893768150f3460329dc461358e8ab2f5"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
29820
l
use.typekit.net/af/78aca8/00000000000000007735e60d/30/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/78aca8/00000000000000007735e60d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ejj7pyc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b07871da02311868c31ab6ac5a4e78cc877f118acd854857f6f51519f3ddbbc9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/ejj7pyc.css
Origin
https://app.roh.co
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:13 GMT
server
nginx
etag
"1d1aed9a298449b26ef6d57c78caa88b6b5de306"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
29764
1f1fa-1f1f8.svg
cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/1f1fa-1f1f8.svg
Requested by
Host: app.roh.co
URL: https://app.roh.co/card_on_file_requests/0TbZbye
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 16:14:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
297324
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
672
last-modified
Sun, 07 Jan 2024 03:51:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"659a11a8-2a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SH847nvJ3xw8VxYMr7GzECxhiJyHnLt4sZQzYlvXFVEvUC%2BZWgTzgL1UHveuVh1E%2BkvGyL3Rs6k0CzFacbBEWkX%2BSSu3ZwWhnLntDOf8rB4furGfLIc95hv65i4AFyAOC126D5c3"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88af8954387e3654-FRA
expires
Sun, 18 May 2025 16:14:13 GMT
vgs
vgs-collect-keeper.apps.verygood.systems/ 		0
103 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vgs-collect-keeper.apps.verygood.systems/vgs
Requested by
Host: app-assets.roh.co
URL: https://app-assets.roh.co/vite/assets/ErrorAlert-DUlT74Kj.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.23.143.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-143-2.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
application/json, text/plain, */*
Referer
https://app.roh.co/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://app.roh.co
date
Tue, 28 May 2024 16:14:13 GMT
x-powered-by
Express
content-length
0
vary
Origin
vgs-collect.js
js.verygoodvault.com/vgs-collect/2.11.0/ 		126 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.verygoodvault.com/vgs-collect/2.11.0/vgs-collect.js?sessionId=5ba264e5-433d-49ae-a242-b7dfdb6c0eba&tenantId=tntl3bw5ai4&env=live
Requested by
Host: app-assets.roh.co
URL: https://app-assets.roh.co/vite/assets/ErrorAlert-DUlT74Kj.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-68.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da30234ea9ad1a9befb564ff8469578339fbc2875048a81446cd1949d4b33cb6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
eqiLnYqnaqZNPhUnWTNM708tqIpEvW.4
Content-Encoding
gzip
Via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
Date
Tue, 28 May 2024 16:14:14 GMT
X-Amz-Cf-Pop
MUC50-P1
Transfer-Encoding
chunked
X-Cache
RefreshHit from cloudfront
Connection
keep-alive
Last-Modified
Tue, 05 Oct 2021 19:30:50 GMT
Server
AmazonS3
ETag
W/"ce73530084200aa4f3ac667ac25f249d"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=60
X-Amz-Cf-Id
brS-I8V-rU3tNDnlnMz49RpzZ3TjF8uk382pVSNhE3WKhU0O0Pahjg==
resource_viewed
app.roh.co/api/ 		0
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.roh.co/api/resource_viewed
Requested by
Host: app-assets.roh.co
URL: https://app-assets.roh.co/vite/assets/core-DGNXH4Cr.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
X-CSRF-Token
rytRxyiRZcLJ7rjRC_sGwqjJFHW1Ift3ao5CC3xiO1VhBgfLYtXbvWvm0Tp4oMhEwtnYb6jmVDjUt1wr-AgKvA
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://app.roh.co/card_on_file_requests/0TbZbye
X-Requesting-Page
/card_on_file_requests/0TbZbye

Response headers

Date
Tue, 28 May 2024 16:14:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Permitted-Cross-Domain-Policies
none
Via
1.1 vegur
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D
X-Request-Id
b2e361ea-b0f6-4d19-9821-be37547f59a0
X-Runtime
0.033567
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912853&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=EOBpbF6CjiGedf3Nbq6PZGZTNGUML46iQ00a0rSXw3U%3D"}]}
Content-Type
application/json
Cache-Control
no-cache
controller-with-preconnect-d8116917e538365624b3d01df72b4701.html
js.stripe.com/v3/ Frame 9ED8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-d8116917e538365624b3d01df72b4701.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-44.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
24
cache-control
max-age=60, stale-while-revalidate=900
content-length
391
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 28 May 2024 16:13:56 GMT
etag
"d8116917e538365624b3d01df72b4701"
last-modified
Fri, 24 May 2024 23:49:05 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 d45f06116647d4cd21c9ad69cb1b14fc.cloudfront.net (CloudFront)
x-amz-cf-id
-MWLcUkGIRhaljNtpAXH3I5kR7TsOG2I21thq4inQHA73_bn0UYOKQ==
x-amz-cf-pop
MUC50-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
vgs
vgs-collect-keeper.apps.verygood.systems/ 		0
102 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vgs-collect-keeper.apps.verygood.systems/vgs
Requested by
Host: app-assets.roh.co
URL: https://app-assets.roh.co/vite/assets/ErrorAlert-DUlT74Kj.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.23.143.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-143-2.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
application/json, text/plain, */*
Referer
https://app.roh.co/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://app.roh.co
date
Tue, 28 May 2024 16:14:13 GMT
x-powered-by
Express
content-length
0
vary
Origin
index.html
js.verygoodvault.com/vgs-collect/2.11.0/lib/ Frame 9D04 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Requested by
Host: js.verygoodvault.com
URL: https://js.verygoodvault.com/vgs-collect/2.11.0/vgs-collect.js?sessionId=5ba264e5-433d-49ae-a242-b7dfdb6c0eba&tenantId=tntl3bw5ai4&env=live
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-51.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
max-age=60
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 28 May 2024 16:14:14 GMT
ETag
W/"84ace67752e6022a8713a717ae1ddca6"
Last-Modified
Tue, 05 Oct 2021 19:30:52 GMT
Server
AmazonS3
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront), 1.1 878a01abbb158ab50d28bd4e882dc33a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Ksz3UzdDJoeF_3vo9cpqcT2r04_K0rXhOQj1XGARkPyYV38v36iEeg==
X-Amz-Cf-Pop
FRA2-C2 MUC50-P1
X-Cache
RefreshHit from cloudfront
x-amz-version-id
Du.23U8WZIlJglDImW2AxPzxGY2VbO2i
index.html
js.verygoodvault.com/vgs-collect/2.11.0/lib/ Frame 9E2B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Requested by
Host: js.verygoodvault.com
URL: https://js.verygoodvault.com/vgs-collect/2.11.0/vgs-collect.js?sessionId=5ba264e5-433d-49ae-a242-b7dfdb6c0eba&tenantId=tntl3bw5ai4&env=live
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-51.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
max-age=60
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 28 May 2024 16:14:14 GMT
ETag
W/"84ace67752e6022a8713a717ae1ddca6"
Last-Modified
Tue, 05 Oct 2021 19:30:52 GMT
Server
AmazonS3
Vary
Accept-Encoding
Via
1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront), 1.1 878a01abbb158ab50d28bd4e882dc33a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Ksz3UzdDJoeF_3vo9cpqcT2r04_K0rXhOQj1XGARkPyYV38v36iEeg==
X-Amz-Cf-Pop
FRA2-C2 MUC50-P1
X-Cache
RefreshHit from cloudfront
x-amz-version-id
Du.23U8WZIlJglDImW2AxPzxGY2VbO2i
index.html
js.verygoodvault.com/vgs-collect/2.11.0/lib/ Frame 917B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.verygoodvault.com/vgs-collect/2.11.0/lib/index.html
Requested by
Host: js.verygoodvault.com
URL: https://js.verygoodvault.com/vgs-collect/2.11.0/vgs-collect.js?sessionId=5ba264e5-433d-49ae-a242-b7dfdb6c0eba&tenantId=tntl3bw5ai4&env=live
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-51.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
max-age=60
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 28 May 2024 16:14:14 GMT
ETag
W/"84ace67752e6022a8713a717ae1ddca6"
Last-Modified
Tue, 05 Oct 2021 19:30:52 GMT
Server
AmazonS3
Vary
Accept-Encoding
Via
1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront), 1.1 878a01abbb158ab50d28bd4e882dc33a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Ksz3UzdDJoeF_3vo9cpqcT2r04_K0rXhOQj1XGARkPyYV38v36iEeg==
X-Amz-Cf-Pop
FRA2-C2 MUC50-P1
X-Cache
RefreshHit from cloudfront
x-amz-version-id
Du.23U8WZIlJglDImW2AxPzxGY2VbO2i
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame F102 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-44.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.roh.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2151
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 28 May 2024 15:38:23 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 24 May 2024 23:49:19 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 d45f06116647d4cd21c9ad69cb1b14fc.cloudfront.net (CloudFront)
x-amz-cf-id
L3PA4pawIOqHj2qJsLugbXE_S_gBagkEB20_WB4nZOkPG1tA_1Bc7g==
x-amz-cf-pop
MUC50-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
favicon-32x32.png
app.roh.co/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.roh.co/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
c62839dac6b189d307c4a6f3c7f7a42a6b48aeb563b499e3742dcbb4ff010672
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://app.roh.co/card_on_file_requests/0TbZbye
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 28 May 2024 16:14:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Thu, 23 May 2024 19:49:58 GMT
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1716912854&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=Ro1J%2F9fMm7sULacCIWlEGPMBplviO1n9NwtKT1oDbVI%3D"}]}
Content-Type
image/png
Connection
keep-alive
Content-Length
1317
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1716912854&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=Ro1J%2F9fMm7sULacCIWlEGPMBplviO1n9NwtKT1oDbVI%3D

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 string| revision string| environment string| appsignalKey string| sPublishableKey string| roh string| env string| publishableKey object| vgs object| installmentEligibility object| __framePainter object| webpackChunkStripeJSouter function| noop function| Stripe object| VgForm object| SecureForm object| VGSCollect

4 Cookies

Domain/Path Name / Value
app.roh.co/ Name: _carats_and_cake_payments_session
Value: %2F8StRlAvgnMczkgyet6g2WQ7u%2BoX3dsFS9K44XX0PIx9hMrPIEnfCmsPCfu%2FdkiHri9o32kQRvFREs8M9wqPZwvMC3kyugX4b5QKOCHoPJySgU3msSx1wxzuJGwF3lQc7f5MlkJ7Ywh7SghLeNGURrHx3Ohgd1qZakKd4vLpjFyE7Z%2B6lBtiKT9ZTdWiaHC3PKwrVnh9OD4LrS06uqjfvBjI4aaQhuhtCBejGYd5j1O91K8qsHHZwiF3ns1SieSiRI3gL1mVDZ4Ro6uSLHibqbhJVkCLzNzgPdLYr3JRqsm5b8jP8hxb3FM%3D--SmJtNwmEwc1Or9WS--UbZf%2FvbW1x6eVlv7dKgjtw%3D%3D
m.stripe.com/ Name: m
Value: 8e83b247-cf7d-4d15-abb4-7bd3e90b6fcb68ce18
.app.roh.co/ Name: __stripe_mid
Value: 3f469a20-8918-4347-8f1c-28cc54fe793c7a7a5d
.app.roh.co/ Name: __stripe_sid
Value: 37a578f3-8824-4ac5-ac3c-e59173d451d36ec946

1 Console Messages

Source Level URL
Text
other warning URL: https://app.roh.co/card_on_file_requests/0TbZbye
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-assets.roh.co
app.roh.co
caratsandcake-payments-production.s3.amazonaws.com
cdnjs.cloudflare.com
js.stripe.com
js.verygoodvault.com
p.typekit.net
use.typekit.net
vgs-collect-keeper.apps.verygood.systems
104.17.25.14
151.101.192.176
18.173.154.44
18.66.192.51
18.66.192.68
23.23.143.2
2600:9000:20ae:a800:0:8cd5:a000:93a1
2a02:26f0:3500:16::215:148f
2a02:26f0:3500:16::215:1495
3.5.29.191
54.237.133.81
062719b100219061c8a11fff201d9a98f3794ab45bddf1c1f2d16c9ea440c279
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16
241dc6e1a4c6caae0aa3e27e8dc0547247982d28965fd05ec2d719cedf923d5d
29443167208f8300e82d1ab114c9228fed0f8edf048aa9afd0d652faa8cfead6
2efd28cb67059241c47b80982dcdabd9cc6a80b35da76fa7b30992e19ddcf422
38e9ade7cb9f7a31a4525f2a70c4bdd2529340926202641bbbda8d655df8c0c3
3cb8e147b2985077a5ec4d97f07443e72721f23c8ecf542ce987e8e83a22951f
3d6dc145f3d3178bc3c2a6e6fea64d20e6cb83f466ea823d42532cf91c70031f
489606e709663a8f941c753f0c8660d1441051abbf88360f185035603672feef
61af8e55e26fb4821bfdb36aa2ac27dda0b5db20d0762a6d5953de0d9de14e9e
69686b09bf234c13b63bc8249bc561644d2cbbbd8080f1d9ec4c2acb7dd5ee63
6ad74417beb778d1b32d1afcb95f6612266dc866f550a850d178a1592fa0d4c6
762ced306cda8041c096b8d1336eec7e3b61992fd861844d2232f197acb0496f
80b82acfeb87bf2cb6a47b0aa48e078951b8a2616fe5059cec7bc46dd650621d
824b5499f47b62bdd4f92c7d2c2846f2f22952e23d075a2e16a34b4f5f9ea70b
a33128c94dd3c425bc3f4a9ba389a1f3d7a75233e8cb788ea80f8f43a3d68423
a8b5d7ed79544663a6bf99c36ba958369c68c5f8889c0f48fee8a9bf56725dc6
a94e7220fbe1d9eb34b78c73ea3bf0f57cf4cbbdfef62e416ac8d312807d882d
b07871da02311868c31ab6ac5a4e78cc877f118acd854857f6f51519f3ddbbc9
b5a190c639e402522c94909c06dcacad42164e0194a647eee20efb6f24dcc69f
c4d04d2b6a041dde11c80d8332f983a58c1031c663ab4f42230899cb82adf4a7
c62839dac6b189d307c4a6f3c7f7a42a6b48aeb563b499e3742dcbb4ff010672
c6d1c9497029201f14b51c6c836a8252733bd9a6e5e16f6f3ef088d585ec45da
cad8ce6c71a359164d6529f5537f5d183a289634c6e0b249cf6dc91f75b6e9cc
cb5c3e3dc5d4ebfcb2b944c621877d36fc6dbe2855b2bc8a1509749319e47b7a
cdf654bf3c9c2d182fcacaf3a266f1f5911e2533840d83fb9dd20200d8f8f998
d8c89b0459ec4d6069037002ff5d824395ff37dbf866bc4298fce22d336b182a
da30234ea9ad1a9befb564ff8469578339fbc2875048a81446cd1949d4b33cb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee8ee0629c5a76c133120e342252f5fefebdaf3a842e0c5bce1f798cac4f0c62
fbd3eb7ea415899742a91ac81602b09e437b0e9fb98f03e0c93ffca02f4b502b