googlepay.wena.jp Open in urlscan Pro
18.65.202.120  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response googlepay.wena.jp/	499 B 846 B	110ms 56ms	Document text/html	18.65.202.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://googlepay.wena.jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.202.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-202-120.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash 1bb4a5a3884f746d2bba10461ea7dcc9db9b36067ebc4b6a1adbe6317e5c709d Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes content-length 499 content-type text/html date Tue, 21 Feb 2023 21:57:19 GMT etag "e51ee5424a0d027515eba6c9e5ebb959" last-modified Mon, 19 Dec 2022 03:17:39 GMT server AmazonS3 via 1.1 9d4586c3d96c296deb0177ba3471c4a4.cloudfront.net (CloudFront) x-amz-cf-id Y9W7c1x6FSBK1_DEZmpk2fpVRk4mgPEBODDiq4ptQCHQP_JsIc7ZOw== x-amz-cf-pop NRT57-P3 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	app.css googlepay.wena.jp/resources/styles/	5 KB 5 KB	6ms 3ms	Stylesheet text/css	18.65.202.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://googlepay.wena.jp/resources/styles/app.css Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.202.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-202-120.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash c16abe7b9dd26a7fa96b39cf7e98d125c071c13aab2fbea77d1523130e351ab8 Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 02:18:14 GMT via 1.1 9d4586c3d96c296deb0177ba3471c4a4.cloudfront.net (CloudFront) last-modified Mon, 19 Dec 2022 03:17:39 GMT server AmazonS3 x-amz-cf-pop NRT57-P3 age 70745 etag "5ad1a1aa7a11e856040390d9c0b56251" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type text/css accept-ranges bytes content-length 4697 x-amz-cf-id aj-cSQoPD3Ccm4I2pWrwruZObFAJh0L52bw5sh-evgYeygajNt-VfQ==
GET H2	200	pay.js Show response pay.google.com/gp/p/js/	115 KB 35 KB	143ms 53ms	Script application/javascript	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/js/pay.js Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d7b2d6dd1c24b5bd614315b2e80b2ae979a07cf08fecae4139393e420fe48659 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-f5x8iZeTTrQCVmd4-tBaWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 21:57:19 GMT strict-transport-security max-age=31536000 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-f5x8iZeTTrQCVmd4-tBaWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport x-content-type-options nosniff p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendHttp" server ESF vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site report-to {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]} content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN cache-control private, max-age=600 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=* expires Tue, 21 Feb 2023 21:57:19 GMT
GET H2	200	bundle.js Show response googlepay.wena.jp/	8 KB 8 KB	6ms 5ms	Script application/javascript	18.65.202.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://googlepay.wena.jp/bundle.js Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.202.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-202-120.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash 4530d82fb0fec094aaf28e246eb244c3750ae21eee20a108dc95e9fb3469b617 Request headers Referer https://googlepay.wena.jp/ Origin https://googlepay.wena.jp accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 09:41:23 GMT via 1.1 9d4586c3d96c296deb0177ba3471c4a4.cloudfront.net (CloudFront) last-modified Mon, 19 Dec 2022 03:17:39 GMT server AmazonS3 x-amz-cf-pop NRT57-P3 age 44155 etag "10ada9ac1e699fa604d32d38412a8a64" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 7714 x-amz-cf-id TP8wtBVeG0JBb33YLXUnM3R9l0iq9DJx_mF8vYWNV66_kbIT_pT96w==
GET H2	200	payframe Show response pay.google.com/gp/p/ui/ Frame A75F	18 KB 8 KB	257ms 256ms	Document text/html	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgooglepay.wena.jp&mid= Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/js/pay.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 804ce6dabb64999214410940249b8d6e70a71a976954dd1adb67c07e5dc22404 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-6heHIuoUhS1F60SxoCFQOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googlepay.wena.jp/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=3600 content-encoding gzip content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-6heHIuoUhS1F60SxoCFQOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi" cross-origin-resource-policy same-site date Tue, 21 Feb 2023 21:57:19 GMT expires Tue, 21 Feb 2023 21:57:19 GMT permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=* report-to {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]} server ESF strict-transport-security max-age=31536000 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-content-type-options nosniff x-ua-compatible IE=edge x-xss-protection 0
POST H3	404	cspreport pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame A75F	2 KB 2 KB	138ms 137ms	Other text/html	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/ Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101 Request headers Referer https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgooglepay.wena.jp&mid= accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 21 Feb 2023 21:57:19 GMT referrer-policy no-referrer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1608 content-type text/html; charset=UTF-8
GET H2	200	m=_b,_tp,_r Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfr... Frame A75F	155 KB 55 KB	48ms 2ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgooglepay.wena.jp&mid= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cf72013b2404d37f8a4284d8a44f926e2cecaaf506f690fec5cc17118271944b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:41 GMT content-encoding gzip x-content-type-options nosniff age 6818 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 55844 x-xss-protection 0 last-modified Sat, 18 Feb 2023 04:23:44 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:41 GMT
GET H2	200	m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S... Frame A75F	69 KB 26 KB	3ms 2ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S1w8cg4zM.L.B1.O/am=mAFA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjEnLLXLpXzNv5AheMJaUcBDQTTXw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2057be74fd1fb2d44799c1132513a3f3a60f3e5cc80fbf5cce5f45446f7b76f0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:42 GMT content-encoding gzip x-content-type-options nosniff age 6817 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 26133 x-xss-protection 0 last-modified Tue, 14 Feb 2023 13:27:25 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:42 GMT
GET H3	200	pay Show response pay.google.com/gp/p/ui/ Frame A75F	1 MB 378 KB	64ms 64ms	XHR text/html	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/pay Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 86033ff649187b7388f44dc3bb6f2dfcd6274d204390e71190f6aa2de5c0284a Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-weGTPiioTO8T5DI4hv3Q4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 21:57:19 GMT strict-transport-security max-age=31536000 content-encoding gzip content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-weGTPiioTO8T5DI4hv3Q4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist x-content-type-options nosniff cross-origin-resource-policy same-site alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 x-ua-compatible IE=edge accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-opener-policy unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi" server ESF x-frame-options DENY vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site content-type text/html; charset=utf-8 report-to {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]} cache-control private, max-age=3600 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=* expires Tue, 21 Feb 2023 21:57:19 GMT
GET H2	200	input.html Show response googlepay.wena.jp/views/pages/	929 B 1 KB	3ms 3ms	Fetch text/html	18.65.202.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://googlepay.wena.jp/views/pages/input.html Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.202.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-202-120.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash b553f394ed8f06fe253ac7e0a3471eca7c58714bf7b744d588f746313ff10e7e Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 12:25:46 GMT via 1.1 9d4586c3d96c296deb0177ba3471c4a4.cloudfront.net (CloudFront) last-modified Mon, 19 Dec 2022 03:17:39 GMT server AmazonS3 x-amz-cf-pop NRT57-P3 age 34294 etag "809a8dbfe8ae671e5d048c02b8b79857" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type text/html accept-ranges bytes content-length 929 x-amz-cf-id zOuqSrSnbTavn07kTS0GYsyzcXIWmppbXFP2Eojjm5R40aNybJUJUQ==
GET H2	200	m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S... Frame A75F	23 KB 9 KB	3ms 2ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S1w8cg4zM.L.B1.O/am=mAFA/d=1/exm=Das5Le,IZT63,PrPYRd,ZyYHPb,_b,_r,_tp,hc6Ubd,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjEnLLXLpXzNv5AheMJaUcBDQTTXw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8bf4111c78b25c00e913b687d80fbe2c009e5e8b448b840b3660e4bf8debff52 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:43 GMT content-encoding gzip x-content-type-options nosniff age 6816 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9253 x-xss-protection 0 last-modified Tue, 14 Feb 2023 13:27:25 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:43 GMT
GET H2	200	m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S... Frame A75F	35 KB 13 KB	3ms 3ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.G4S1w8cg4zM.L.B1.O/am=mAFA/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjEnLLXLpXzNv5AheMJaUcBDQTTXw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 26660eca3449dea0bcf04c3d4a1a278316e600b1c07d0adaf20cfa3ec1fbfec8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:43 GMT content-encoding gzip x-content-type-options nosniff age 6816 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13393 x-xss-protection 0 last-modified Tue, 14 Feb 2023 13:27:25 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:43 GMT
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	56ms 52ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	88ms 38ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	57ms 56ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	88ms 40ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	58ms 53ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	85ms 37ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
GET H2	200	suica_card.png googlepay.wena.jp/resources/images/	253 KB 254 KB	3ms 3ms	Image image/png	18.65.202.120 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://googlepay.wena.jp/resources/images/suica_card.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.202.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-202-120.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash 7669067e06974927dc4b4f9074e10e731f9b9894e5f9f88eb06d7796e85e085b Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 06:27:47 GMT via 1.1 9d4586c3d96c296deb0177ba3471c4a4.cloudfront.net (CloudFront) last-modified Mon, 19 Dec 2022 03:17:39 GMT server AmazonS3 x-amz-cf-pop NRT57-P3 age 55773 etag "fb9818c0b40f7b0d8a1400b1d6ad913d" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 258952 x-amz-cf-id iWdcdJs6HolnHi6J-D4Q9eXWsZG52gswNzolXUP6dv84U19RYf7qww==
GET H2	200	css fonts.googleapis.com/	4 KB 1 KB	86ms 44ms	Stylesheet text/css	2404:6800:4004:824::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Google+Sans:500 Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200a , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash f21132bac4d028dbb3c0398119b5c1dedcfe1361f8a77b35164cd5f2834f1003 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 21 Feb 2023 21:57:19 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 21 Feb 2023 21:57:19 GMT
GET H3	200	generate_gpay_btn_img Show response pay.google.com/gp/p/ Frame 0B2B	18 KB 7 KB	66ms 65ms	Document text/html	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=black&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=true Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/bundle.js Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash f14a45863e649cae7b6d4f6cf3547f83f4b5b5de6bd82e2cef539e46388fce1a Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport script-src 'report-sample' 'nonce-RRVNP6_sTnLIPUpkx899oA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport/allowlist Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googlepay.wena.jp/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport script-src 'report-sample' 'nonce-RRVNP6_sTnLIPUpkx899oA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport/allowlist content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendBuyflowPayButtonUi" cross-origin-resource-policy same-site date Tue, 21 Feb 2023 21:57:19 GMT expires Mon, 01 Jan 1990 00:00:00 GMT permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=* pragma no-cache report-to {"group":"InstantbuyFrontendBuyflowPayButtonUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayButtonUi/external"}]} server ESF strict-transport-security max-age=31536000 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-content-type-options nosniff x-ua-compatible IE=edge x-xss-protection 0
GET H2	200	payment_white_36dp.png www.gstatic.com/images/icons/material/system/1x/	149 B 465 B	3ms 2ms	Image image/png	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/icons/material/system/1x/payment_white_36dp.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 004d7aa90e2889f6291a71c84ac3d3e394e0cade32bd41dc214736418f769181 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 08:07:53 GMT x-content-type-options nosniff age 481766 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 149 x-xss-protection 0 last-modified Tue, 22 Oct 2019 18:15:00 GMT server sffe vary Origin report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/png cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Fri, 16 Feb 2024 08:07:53 GMT
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	55ms 54ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	80ms 41ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	60ms 57ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	77ms 38ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	61ms 59ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	77ms 39ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
GET H2	200	dark_gpay.svg www.gstatic.com/instantbuy/svg/refreshedgraphicaldesign/	3 KB 1 KB	3ms 3ms	Image image/svg+xml	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/instantbuy/svg/refreshedgraphicaldesign/dark_gpay.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 52748bf2a93074e68df196b31d1d8d51bc6b376c33435208425b0e92fb671003 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://googlepay.wena.jp/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Fri, 17 Feb 2023 13:42:22 GMT content-encoding gzip x-content-type-options nosniff age 375297 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1316 x-xss-protection 0 last-modified Mon, 05 Dec 2022 22:28:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/svg+xml cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Sat, 17 Feb 2024 13:42:22 GMT
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 196 B	59ms 55ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ X-Goog-AuthUser 0 accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	log play.google.com/ Frame	0 0	63ms 38ms	Preflight text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/plain; charset=UTF-8 date Tue, 21 Feb 2023 21:57:19 GMT server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame A75F	131 B 426 B	90ms 49ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.BV75oeU2pyU.es5.O/am=mAFA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrhs1MarIOMnnXZdlmaDmcGEmlX9bg/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST H3	404	cspreport pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/ Frame 0B2B	2 KB 2 KB	138ms 138ms	Other text/html	2404:6800:4008:c03::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/cspreport Requested by Host: googlepay.wena.jp URL: https://googlepay.wena.jp/ Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4008:c03::5c Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash 65ff9ae6d7be23f1b0164644acc1c8af7d7daccc143c976fd133b5b19f0505ff Request headers Referer https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=black&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=true accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 21 Feb 2023 21:57:19 GMT referrer-policy no-referrer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1609 content-type text/html; charset=UTF-8
GET H3	200	m=_b,_tp,_r Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/am=GAOA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg... Frame 0B2B	158 KB 56 KB	3ms 3ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/am=GAOA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/rs=AMitfrign9b9jSf0S9kpwv4SIcWLQkzhdA/m=_b,_tp,_r Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=black&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=true Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ca3b2e5dec00b13c164196f559526bd9d0e96244067d2ae8e9d8dc6990750be9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:45 GMT content-encoding gzip x-content-type-options nosniff age 6814 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 57084 x-xss-protection 0 last-modified Sat, 18 Feb 2023 04:23:44 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:45 GMT
GET H3	200	en.svg www.gstatic.com/instantbuy/svg/refreshedgraphicaldesign/dark/ Frame 0B2B	7 KB 3 KB	6ms 2ms	Image image/svg+xml	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/instantbuy/svg/refreshedgraphicaldesign/dark/en.svg Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=black&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=true Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9082d76b600f4df01277c08169df9f9dc938fc6ed6487c97ca620de9da6ff346 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 09:38:39 GMT content-encoding gzip x-content-type-options nosniff age 476320 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2890 x-xss-protection 0 last-modified Mon, 05 Dec 2022 22:28:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/svg+xml cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Fri, 16 Feb 2024 09:38:39 GMT
GET H2	200	4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk.woff2 fonts.gstatic.com/s/googlesans/v45/	18 KB 18 KB	60ms 3ms	Font font/woff2	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/googlesans/v45/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Google+Sans:500 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b7808dfe3bc513056303e34980c77d96066f0ebebefc3bbdae43a2be40f5836b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://googlepay.wena.jp accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 13:36:46 GMT x-content-type-options nosniff age 30033 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18012 x-xss-protection 0 last-modified Wed, 01 Jun 2022 19:04:43 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 21 Feb 2024 13:36:46 GMT
GET H3	200	m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.Q... Frame 0B2B	41 KB 16 KB	3ms 2ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.QXOLGDiEyMo.L.B1.O/am=GAOA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/wt=2/rs=AMitfrg9akLabK1SVMB2yMMuFp6nxYNusw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/am=GAOA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/rs=AMitfrign9b9jSf0S9kpwv4SIcWLQkzhdA/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9415ff6ae2535d390406163bb31979f49c2cabceee217f11d405d282f09ef787 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:46 GMT content-encoding gzip x-content-type-options nosniff age 6813 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 16117 x-xss-protection 0 last-modified Wed, 15 Feb 2023 17:25:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:46 GMT
GET H3	200	m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.Q... Frame 0B2B	34 KB 13 KB	3ms 3ms	Script text/javascript	2404:6800:4004:822::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.QXOLGDiEyMo.L.B1.O/am=GAOA/d=1/exm=FCpbqb,WhJNk,Wt6vjf,_b,_r,_tp,hhhU8,ws9Tlc/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/wt=2/rs=AMitfrg9akLabK1SVMB2yMMuFp6nxYNusw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/am=GAOA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/rs=AMitfrign9b9jSf0S9kpwv4SIcWLQkzhdA/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 77686347e8bb6d83ae47e5b68939874032c7d9576957ac70206e72ff034de32b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Tue, 21 Feb 2023 20:03:46 GMT content-encoding gzip x-content-type-options nosniff age 6813 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13107 x-xss-protection 0 last-modified Wed, 15 Feb 2023 17:25:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 21 Feb 2024 20:03:46 GMT
POST H2	200	log Show response play.google.com/ Frame 0B2B	131 B 196 B	72ms 71ms	XHR text/plain	2404:6800:4004:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.KXXZ8I6FXHc.es5.O/am=GAOA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/rs=AMitfrign9b9jSf0S9kpwv4SIcWLQkzhdA/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Tue, 21 Feb 2023 21:57:19 GMT content-encoding gzip server Playlog x-frame-options SAMEORIGIN content-type text/plain; charset=UTF-8 access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers X-Playlog-Web content-length 131 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| oncontentvisibilityautostatechange object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| google object| wena_gpw_params

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-20 14:13:47	Name: NID Value: 511=AWENVUp-WJzEfn6axGCxV1SKrLZMvzwJax2RHwQJ8IrfMIGHGZZMNMH7g41vSdXAxo858DZNWwvmCDl-BiAavM4j6K9M-k3hX0aWpdbcXWjtmw-T82SfhOGzpxb7jXNV9nOLXKcwGFge7EovJuQP2P-ekBb1dIrqM83zQDnTcRo

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
googlepay.wena.jp
pay.google.com
play.google.com
www.gstatic.com
18.65.202.120
2404:6800:4004:822::2003
2404:6800:4004:824::200a
2404:6800:4004:824::200e
2404:6800:4008:c03::5c
004d7aa90e2889f6291a71c84ac3d3e394e0cade32bd41dc214736418f769181
1bb4a5a3884f746d2bba10461ea7dcc9db9b36067ebc4b6a1adbe6317e5c709d
2057be74fd1fb2d44799c1132513a3f3a60f3e5cc80fbf5cce5f45446f7b76f0
26660eca3449dea0bcf04c3d4a1a278316e600b1c07d0adaf20cfa3ec1fbfec8
4530d82fb0fec094aaf28e246eb244c3750ae21eee20a108dc95e9fb3469b617
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
52748bf2a93074e68df196b31d1d8d51bc6b376c33435208425b0e92fb671003
65ff9ae6d7be23f1b0164644acc1c8af7d7daccc143c976fd133b5b19f0505ff
7669067e06974927dc4b4f9074e10e731f9b9894e5f9f88eb06d7796e85e085b
77686347e8bb6d83ae47e5b68939874032c7d9576957ac70206e72ff034de32b
804ce6dabb64999214410940249b8d6e70a71a976954dd1adb67c07e5dc22404
86033ff649187b7388f44dc3bb6f2dfcd6274d204390e71190f6aa2de5c0284a
8bf4111c78b25c00e913b687d80fbe2c009e5e8b448b840b3660e4bf8debff52
9082d76b600f4df01277c08169df9f9dc938fc6ed6487c97ca620de9da6ff346
9415ff6ae2535d390406163bb31979f49c2cabceee217f11d405d282f09ef787
b553f394ed8f06fe253ac7e0a3471eca7c58714bf7b744d588f746313ff10e7e
b7808dfe3bc513056303e34980c77d96066f0ebebefc3bbdae43a2be40f5836b
c16abe7b9dd26a7fa96b39cf7e98d125c071c13aab2fbea77d1523130e351ab8
ca3b2e5dec00b13c164196f559526bd9d0e96244067d2ae8e9d8dc6990750be9
cf72013b2404d37f8a4284d8a44f926e2cecaaf506f690fec5cc17118271944b
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
d7b2d6dd1c24b5bd614315b2e80b2ae979a07cf08fecae4139393e420fe48659
f14a45863e649cae7b6d4f6cf3547f83f4b5b5de6bd82e2cef539e46388fce1a
f21132bac4d028dbb3c0398119b5c1dedcfe1361f8a77b35164cd5f2834f1003